With standard password-based security procedures, you are likely protecting your network from cybercriminals simply with a username and password. But passwords are becoming even easier to crack, especially when users use the same password for a variety of personal and work accounts and do not keep up with good password hygiene, and criminals are relying on user credentials as an easy backdoor onto your network.
Many businesses have turned to using 2 Factor authentication (TFA)—a two-step verification—to provide additional security and validation that the person logging in is who they say they are.
How does 2 Factor Authentication Work?
In addition to requiring a login with username and password, TFA requires that a user supply a piece of information that only they should know or have immediately to hand, such as a token.
TFA has been around for some time now—Google in 2011 announced two-factor authentication as an added security for many of their applications. Typically upon login with a password, the site you are logging in to either texts or calls you with a number (or token) to further verify your identity. In the business world, many businesses use physical token systems with numbers that change after 15-20 seconds as a means to verify an identity. After logging in with a username and password, people using these systems are then prompted to type in the string of numbers from their token before the number updates.
To date, using TFA has lowered the number of cases of identity theft and has reduced the risk that breaches of user passwords open the doors to cyberattacks.
So… If I am using TFA, why would I have to worry about password security?
While TFAs can significantly reduce hacking attempts by making it harder for criminals to crack your systems, a lot of businesses relying on them often believe that since they have this added security, they are completely safe from cyberattacks and data breaches.
WRONG!
Cybersecurity experts agree that two factor authentication can make users over-confident that their system will protect them: that they are completely unhackable… basically undefeatable, which nowadays is by no means the case!
What I want to point out is that even the current gold standard of credential verification is not completely bulletproof. TFA systems are hacked in a variety of ways. Here are a couple of recent sneaky ways criminals are bypassing or cracking into TFA protections:
Man in the middle attacks—These attacks start by tricking someone into landing on a rogue website that asks for their TFA credentials. Essentially, these attacks easily glean two-factor data to gain access to secure networks (and they have been quite successful, I might add!).
Most folks don’t realize that once you authenticate with TFA—no matter how hard it is to crack (biometric data, token passcode that changes, you name it)—the criminal now has what I like to call a “soft token”, which can be used to log on time and time again without question.
Be warned: criminals are looking for the most valuable data you have. If you’re using TFA, you’re likely investing in the extra security for some reason, giving them more incentive to find out why and get the bigger payload.
Thinking that your users are safer simply because you have technology protecting them is NOT a good approach to implementing TFAs and ensuring your network is safe!
Man in the endpoint attacks—similar to man in the middle attacks, if a hacker can get onto your computer (perhaps if you’re connected on a network at a local coffee shop), they can easily modify the software involved in the two factor authentication process to either steal secrets protected by the TFA or use an already approved authentication to access data behind the curtain.
Trojans have been around since the early 2000s and are excellent ways for criminals to glean this type of information (running in the background unnoticed).
Some instances where a man in the endpoint has been successful have been transactions where a Trojan is actually using the same exact TFA to wire money or data simultaneously from a secure connection—completely unnoticed by the user!
Bottom line: It doesn’t matter how you authenticate your computer—using two factor authentication or not. Once you authenticate your session, if you have malware hidden on your computer, you might have just given someone—unknowingly—access to secured accounts or networks.
And even when you lock your screen—that token may still be active and reused by these bad guys, who might end up hitting the jackpot and getting onto your secured network!
Compromised authentication software—if someone on your team allows a hacker to install some piece of software on their computer—possibly unnoticed—the attacker may end up installing rogue authentication software on the machine as well. By doing this, they end up stealing token information or other verification information that they can use to access your secured network.
While two factor authentication has made it harder for bad guys to access your sensitive data, it hasn’t completely stopped them from getting into your network through your users.
Take home: training your users to recognize suspicious emails, websites and online requests should be part of your strategy to help keep your network safe. Monitoring activity and actively looking for suspicious activity—malware activity and suspicious logins—is critical to keeping networks secure.
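One way to look for the reused “soft token” described above when monitoring logins, as an added example that is not part of the original article: it flags a session that is used from a different IP address or browser than the one that passed TFA, or that never passed TFA at all. The log format, event names and sample lines are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample log: time, user, event, session id, source IP, user agent
SAMPLE_LOG = """\
2024-05-01T09:00:02Z alice mfa_ok s-1001 203.0.113.10 Firefox/125
2024-05-01T09:00:40Z alice request s-1001 203.0.113.10 Firefox/125
2024-05-01T09:01:05Z bob mfa_ok s-1002 198.51.100.7 Chrome/124
2024-05-01T09:03:11Z alice request s-1001 192.0.2.55 curl/8.5
2024-05-01T09:04:00Z bob request s-1002 198.51.100.7 Chrome/124
2024-05-01T09:05:30Z carol request s-1003 192.0.2.80 Chrome/124
"""

@dataclass(frozen=True)
class Alert:
    time: str
    user: str
    session: str
    reason: str

def find_session_reuse(log_text):
    """Return alerts for sessions used outside the context that passed TFA."""
    bound = {}   # session id -> (ip, user agent) recorded at the TFA step
    alerts = []
    for line in log_text.splitlines():
        parts = line.split(maxsplit=5)
        if len(parts) != 6:
            continue  # skip malformed lines rather than guessing fields
        time, user, event, session, ip, agent = parts
        if event == "mfa_ok":
            # Remember which client completed the second factor.
            bound[session] = (ip, agent)
        elif event == "request":
            if session not in bound:
                alerts.append(Alert(time, user, session, "no TFA seen for session"))
            elif bound[session] != (ip, agent):
                alerts.append(Alert(time, user, session, "client changed after TFA"))
    return alerts

if __name__ == "__main__":
    for alert in find_session_reuse(SAMPLE_LOG):
        print(alert)
```

This check only catches a token replayed from somewhere else; malware acting on the user's own machine shares the same IP address and browser, so it has to be found through endpoint monitoring instead.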
Not sure if you’re protecting your data even with high tech solutions? Contact Us TODAY for a free network security assessment!