Thycotic’s Nathan Wenzler had a following comment on the Yahoo Account Key announced this week. He was surprised this security flaw was not pointed out.
[su_note note_color=”#ffffcc” text_color=”#00000″]Nathan Wenzler, Executive Director of Security, Thycotic :
Yahoo Account Key might make life easier for consumers, but it also leaves them open to an entirely new type of attack. Hackers have access to millions of emails accounts from 2015’s data breaches alone. With Yahoo Account Key, hackers can just try logging into every Yahoo address they find, and wait. Eventually, some users will accidentally hit “yes” on their phones, and just like that, they’re in. Hackers only need a small percentage to make that mistake to make it worthwhile, similar to how they determine success rates for spam and emails that are sent in large volumes.[/su_note][su_box title=”About Nathan Wenzler” style=”noise” box_color=”#336588″]
Nathan has over a decade of experience designing, implementing and managing both technical and non-technical solutions for IT and Information Security organizations. Throughout his career, Nathan has helped government agencies and Fortune 1000 companies build new information security programs from scratch, as well as improve and broaden existing programs with a focus on process, workflow, risk management, and the personnel side of a successful security effort. Currently as the Senior Technology Evangelist for Thycotic, Nathan brings his expertise on security program development and implementation in both the public and private sector to admins, auditors, managers, and security professionals at a variety of conferences, trade shows, and educational events.[/su_box]
About the Author
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
