Hackers Steal Session Cookies To Bypass Multi-Factor Authentication. Expert Weighs In

By   ISBuzz Team
Writer , Information Security Buzz | Aug 24, 2022 12:12 am PST

Following the news that: 

Hackers Steal Session Cookies to Bypass Multi-factor Authentication

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Michael Tanaka
Michael Tanaka , Chief Commercial Operator
August 24, 2022 8:13 am

The article covers so much ground that it’s easy to lose sight of the most important facts.

Attacks can bypass a good defence. The old adage of bolting the doors but leaving the windows open springs to mind. For this reason sessions should be managed very carefully and access to data or resources, re-authenticated despite being in a “secure” session.

Unfortunately, the main reason services do not re-authenticate is for fear of aggravating the user. Often the person in charge of the user experience is at loggerheads with the security person. In the end, the customer experience argument often wins out. I’ve heard of apps that maintain a session for 90 days or even longer!

Clearly any technology that lowers the authentication friction and increases the success rate of authentication will help the Customer Experience Manager live in harmony with the Information Security Officer.

Last edited 1 year ago by Michael Tanaka

Recent Posts

Would love your thoughts, please comment.x