page-loading-spinner
Home Why Multi-Factor Authentication Will Soon Be Useless
Preparedness
Resilient Life

Why Multi-Factor Authentication Will Soon Be Useless

The User's Profile iSecurityGuru September 30, 2022
24
placeholder image

Multi-Factor Authentication (MFA) is a security measure that requires two or more proofs of identity to grant you access to an application. For example, in addition to providing your password, you need a one-time password (OTP) sent via an email, text message or an authenticator app. On some websites, it can be an approval prompt sent to a smartphone app after you enter your password.

The conventional wisdom is that MFA will increase your security. But unfortunately, this conventional wisdom will soon be inadequate.

Make no mistake, MFA will soon no longer protect you from phishing attacks thanks to new class of phishing technology.

To understand why let’s take a brief look at the history of these types of attacks. In the past, phishing was just a means for hackers to harvest your password. After stealing it, the hacker then attempted to log into a real website using your stolen credential. If you had MFA set up, this would stop the hacker. Basically, there was a time lag between when your password was stolen and when the hacker used it to log into your account.

Today, hackers have grown a lot more sophisticated…there is no such time lag. First, when you visit the phishing website, it will retrieve the content from the real website and relay it back to you. When you enter your password on the phishing website, it will use it to log into your account on the real website simultaneously.

The rest is exclusive content for members

Curious about what being a member offers? Sign up now for a risk-free trial and get a sneak peek into the premium content, features, and perks awaiting you on the other side.

Community

Top Comment

Squirrel
Steve Gibson solved this years ago with his free product Squirrel. https://www.grc.com/sqrl/sqrl.htm
He is one of the Grandfathers of the internet and a security guru.
The answer...
Anonymous Author by zapper35
4
Start Here What Do I Do?