Two-factor authentication (2FA) should keep online accounts from being hacked, at least for a while. And yet, over the years, various techniques have emerged to bypass it. It should be said from the outset that in 2021/2022, when it comes to two-factor authentication, it is a mixed bag: multiple methods coexist without providing the same level of protection.
For the most part, the two-factor authentication system preferred by sites and organizations is based on single-use codes (OTP). These are generated dynamically by an application on your smartphone or by an external device. Or, and unfortunately this often happens, you receive them via SMS when needed.
A troubling number of tools make it easier to hack accounts protected by 2FA
In addition to this type of authentication, there are also 2FA methods based on physical security keys such as Yubikey and Google Titan. Each time the idea is the same: any login to your account requires, in addition to your username and password, sending something else as a final check of your identity.
On paper, the scheme seems unbeatable. But flaws soon appear. For example, when relying on OTP codes received via SMS, bypassing two-factor authentication is relatively trivial. The hacker can use the SIM swap technique for this. If he has some personal data about you, he will pose as you to your operator and ask for a copy of your SIM card, which will allow him to receive all your SMS. Hackers can also infect the victim's smartphone so that they can spy on their email. These risks can be minimized by using a code generator, either a physical one or one on a smartphone, or physical security keys.
A study conducted jointly by Stony Brook University and the company Palo Alto Networks highlights the growing popularity of new, even more formidable methods against two-factor authentication, made easier by tools distributed on the dark web. We're talking about all-in-one solutions that professionalize phishing campaigns and make it easier to steal 2FA login data, so that even an inexperienced hacker can achieve his goals.
Thanks to login cookies, whether or not two-factor authentication is enabled is of little importance
In total, the researchers found more than 1,200 of these tools, which threaten to make the security of two-factor authentication almost insignificant. They do not even bother to steal the one-time login codes. Instead they simply extract your login cookies, small files containing all the data needed to confirm that you have been properly identified.
According to the researchers, these cookies are usually stolen in two ways. Hackers can infect their victims with special malware, or steal the cookies directly by pretending to be a public WiFi hotspot, a technique called "man-in-the-middle" (MitM). Once hackers have these cookies, they have unlimited access to your accounts from any machine.
At least until the cookies in question expire. On some accounts, such as Facebook, Instagram or TikTok, these cookies may have a very long expiration date, which means a higher risk for victims. At this point, login cookies appear to be a mechanism that needs to be completely revised to better protect the security of online accounts.
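The cookie properties discussed above (how long a stolen copy stays valid, and whether it can travel over an unencrypted connection) can be checked from a site's Set-Cookie response headers. The sketch below is an added example, not code from the study or the article; the one-day threshold and the sample headers are constructed assumptions.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

MAX_LIFETIME_S = 24 * 3600  # assumed policy threshold, not a figure from the study

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, attributes with lowercase keys)."""
    first, *rest = [p.strip() for p in header.split(";")]
    name, _, _value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs

def lifetime_seconds(attrs, now):
    """Max-Age takes precedence over Expires; None means it ends with the browser session."""
    if attrs.get("max-age", "").lstrip("-").isdigit():
        return int(attrs["max-age"])
    if "expires" in attrs:
        try:
            return int((parsedate_to_datetime(attrs["expires"]) - now).total_seconds())
        except (TypeError, ValueError):  # unparsable or timezone-less date
            return None
    return None

def audit(header, now):
    """Return (cookie name, list of findings) for one Set-Cookie header."""
    name, attrs = parse_set_cookie(header)
    findings = []
    if "secure" not in attrs:
        findings.append("no Secure: can be sent over plain HTTP on an untrusted network")
    if "httponly" not in attrs:
        findings.append("no HttpOnly: readable by scripts running in the page")
    life = lifetime_seconds(attrs, now)
    if life is not None and life > MAX_LIFETIME_S:
        findings.append(f"lifetime {life // 86400} days: a stolen copy stays valid that long")
    return name, findings

if __name__ == "__main__":
    now = datetime(2021, 12, 1, tzinfo=timezone.utc)  # fixed clock for repeatable output
    samples = [  # constructed headers, not captured from any real site
        "sid=abc123; Path=/; Max-Age=31536000",
        "sid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax; Max-Age=3600",
        "auth=xyz; Secure; HttpOnly; Expires=Sat, 01 Jan 2022 00:00:00 GMT",
    ]
    for header in samples:
        print(audit(header, now))
```

These flags address interception on the network and script access; a short lifetime is what limits the damage when the cookie is taken by malware on the device.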
A shame, at a time when online sites are trying to generalize the use of two-factor authentication, which is still struggling to catch on. However, even before we talk about two-factor authentication, this study shows that there is still a lot of work to be done to protect our data on the Internet. It remains to be seen how long the situation will last before a truly effective solution is available.
By: Bit Defender