Martin's selection of few interesting IT Security, Privacy, and free tools from the Net: Modlishka - A tool that can bypass login protections for accounts protected by two-factor authentication (2FA).

Friday, January 11, 2019

Modlishka - A tool that can bypass login protections for accounts protected by two-factor authentication (2FA).

This drives home couple of important points

1. Attacks evolve faster than we can imagine. In December a Iranian group called "Charming Kitten" defeated 2FA and today (less than 40 days) we have a tool that can perform the same.

2. 2FA is (only) an additional layer of security. It is potent only when it is a part of a comprehensive risk management program.

3. Basic 2FA like OTP via SMS/Email and security questions can be defeated and organizations should be well aware of them.
4. Ultimately, end users are an important layer of defense making awareness training an important part.

https://threatpost.com/2fa-broken-authentication/140776/

Martin's selection of few interesting IT Security, Privacy, and free tools from the Net

Friday, January 11, 2019

Modlishka - A tool that can bypass login protections for accounts protected by two-factor authentication (2FA).

No comments:

Post a Comment

Popular Posts

Categories

Blog Archive