article thumbnail

Failures in Twitter’s Two-Factor Authentication System

Schneier on Security

Twitter is having intermittent problems with its two-factor authentication system: Not all users are having problems receiving SMS authentication codes, and those who rely on an authenticator app or physical authentication token to secure their Twitter account may not have reason to test the mechanism.

article thumbnail

Defeating Phishing-Resistant Multifactor Authentication

Schneier on Security

CISA is now pushing phishing-resistant multifactor authentication. Roger Grimes has an excellent post reminding everyone that “phishing-resistant” is not “phishing proof,” and that everyone needs to stop pretending otherwise. His list of different attacks is particularly useful.

Phishing 307
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Bypassing Two-Factor Authentication

Schneier on Security

FIDO2 multi-factor authentication systems are not susceptible to these attacks, because they are tied to a physical computer. .” Calling the target, pretending to be part of the company, and telling the target they need to send an MFA request as part of a company process.

article thumbnail

On Risk-Based Authentication

Schneier on Security

A Study on Usability and Security Perceptions of Risk-based Authentication “: Abstract : Risk-based Authentication (RBA) is an adaptive security measure to strengthen password-based authentication. I’ve blogged about risk-based authentication before. Paper’s website.

article thumbnail

Fooling a Voice Authentication System with an AI-Generated Voice

Schneier on Security

A reporter used an AI synthesis of his own voice to fool the voice authentication system for Lloyd’s Bank.

article thumbnail

Authy vs Google Authenticator: Two-factor authenticator comparison

Tech Republic Security

Check out these features from Authy and Google Authenticator before deciding which authentication tool is best for you. The post Authy vs Google Authenticator: Two-factor authenticator comparison appeared first on TechRepublic.

article thumbnail

Problems with Multifactor Authentication

Schneier on Security

Roger Grimes on why multifactor authentication isn’t a panacea : The first time I heard of this issue was from a Midwest CEO. His organization had been hit by ransomware to the tune of $10M. Operationally, they were still recovering nearly a year later. And, embarrassingly, it was his most trusted VP who let the attackers in.