The FBI Warns That Multifactor Authentication Is Not as Secure as You Think
Hackers are getting smarter
By Gene Marks
No one needs to remind us of how exposed we are to cyberthreats and how serious an issue this is for companies big and small. Over the past few years, most experts have advised us that one of the most reliable ways to prevent these attacks is to implement security software that uses multifactor authentication, or MFA.
You’re probably familiar with MFA already. It’s the process where you try to log into a website with your password but are then required to use an additional form of authentication, usually in the form of a special personal identification number (PIN) sent to your smartphone. Even if a hacker steals your password, it’s unlikely he’ll also have possession of your smartphone, too, so MFA is really secure, right?
Well, maybe not as much as we think. Last month, the FBI issued a warning to private companies about MFA. According to this ZDNet article by Catalin Cimpanu, the agency said that there is a rising threat of attacks against organizations and their employees that can bypass MFA solutions.
What kinds of threats? There are at least three that are the most popular.
