December 19, 2018 03:39 pm PST
Original Link: http://feeds.boingboing.net/~r/boingboing/iBag/~3/0ODo3_8erJQ/sms-text-two-factor-authentica.html
SMS text two-factor authentication "bypassed at scale"
Gmail's text-message two-factor authentication is not only insufficiently secure, but "bypassed at scale", reports Joseph Cox.
A new Amnesty International report gives more insight into how some hackers break into Gmail and Yahoo accounts at scale, even those with two-factor authentication (2FA) enabled.
They do this by automating the entire process, with a phishing page not only asking a victim for their password, but triggering a 2FA code that is sent to the targets phone. That code is also phished, and then entered into the legitimate site so the hacker can login and steal the account.
I use Authy. Read the rest
Original Link: http://feeds.boingboing.net/~r/boingboing/iBag/~3/0ODo3_8erJQ/sms-text-two-factor-authentica.html
Share this article:
Tweet
View Full Article