This drives home a couple of important points:
1. Attacks evolve faster than we can imagine. In December an Iranian group called "Charming Kitten" defeated 2FA, and today (less than 40 days later) we have a tool that can do the same.
2. 2FA is (only) an additional layer of security. It is potent only when it is a part of a comprehensive risk management program.
3. Basic 2FA such as OTP via SMS/email and security questions can be defeated, and organizations should be well aware of this.
4. Ultimately, end users are an important layer of defense, which makes awareness training an important part.
https://threatpost.com/2fa-broken-authentication/140776/