Spoofing 2F Authentication

By   ISBuzz Team
Writer , Information Security Buzz | May 14, 2018 04:15 am PST

Security researcher Kevin Mitnick has demonstrated in a YouTube how easy it is to spoof 2-factor authentication with social engineering techniques.  Ryan Wilk, Vice President of Customer Success at NuData Security Inc. commented below.

Ryan Wilk, Vice President of Customer Success at NuData Security Inc.:

“Bad actors are constantly trying to engineer new ways of bypassing security measures; however, two-factor authentication still offers stronger security than the classic one-factor authentication. To avoid sophisticated attacks, two-factor authentication can be combined with other security layers such as passive biometrics and behavioral analytics, so that if one layer fails, another layer of security takes over, protecting the customers’ accounts even if the credentials have been stolen via phishing.
While two-factor authentication capabilities can help verify the user, behavioral analytics and passive biometrics allow you to learn and trust the user’s behavior both in and across the session. This way you put the trust on the human instead of the device. With passive biometrics, customers are identified by their behavior online and not by static data such as passwords or one-time codes. This inherent behavior cannot be duplicated by hackers, even if they use correct static data, devaluing stolen credentials and protecting the customer account.”