Two-factor authentication (2FA), is it enough?
“Make sure to enable and enforce two-factor authentication.” That’s always been our best advice. And, don’t get me wrong, it still is. However, a few recent developments may have turned the tide a bit in favour of cyberattackers.
Let’s go back a few weeks in time now, shall we…
In early July, amid the continued global adoption of remote work, the cybersecurity world was startled by a ‘novel’ incident that managed to turn off 2FA for a company called Amos WITHOUT actually going through the enabled 2FA step.
In other words: attackers managed to render 2FA ineffective, casting doubt on how much protection it really gives.
Wait, what! — But is that even possible?
That was my first reaction. Normally, when 2FA is enabled, any attempt to log in from an “unfamiliar device” requires additional verification (e.g. a code or text you receive on your phone, an email, etc.). Without successfully passing that second step, access will be denied.
Sounds simple and effective, right? Not anymore.
Hacking 2FA – How did they do it?
There are TWO important factors to consider here:
1. Human error: We’re humans, we make mistakes, it’s a fact of life. That’s the most common security scenario and why we always emphasize the importance of having a cloud security tool to have your back when human errors happen.
✅ In this scenario, Amos used a service called ‘NoMachine’ to access virtual desktops remotely. The big problem occurred when Mr. Amos, who used NoMachine to operate the virtual desktop of macOS, saved his login information to Safari after logging in to his Google account from there, which he admits “shouldn’t have been done”.
2. Google’s Password Manager: Everyone loves Google password manager. It ‘delightfully’ saves you from having to re-enter those passwords over and over, especially when you’re in a rush or can’t quite remember your password. But here’s the catch:
Disabling Google 2FA doesn’t need 2FA if you’re already logged in.
✅ When Mr. Amos recently logged in, Google had cached a recent session token on their machine. Attackers were then able to re-use the cached password in Safari auto-fill, refresh the session token, and subsequently, disable 2FA on that account.
Two-factor authentication VS Constant Identity verification
So how do you outsmart attackers even when human error plays its part? Simple: make identity verification ‘constant’ rather than a single event at log-in.
That way, even if attackers manage to get in, the constant verification mechanism will detect the imposter right away and kick them out of the session.
How does it work?
Using AI to automate cloud security, constant identity verification uses biometric identification, such as behavioural patterns, as the basis for authentication. The zero-trust mechanism keeps working in the background throughout the entire session, for as long as the user is logged in, to confirm their identity.
GAT’s ActiveID is the perfect example to explain how constant identity verification works. ActiveID continuously monitors the typing style of each user, actively verifying that the user behind the keyboard is in fact the user who is logged in, at all times, in Google Chrome.
If an impostor is detected, a whole range of corrective actions can be taken, from alerting an Admin or Security Officer with a webcam shot of the ‘impostor’ to logging out the user.
Configure GAT Shield with ActiveID and it will instantly start learning who each user is, building a unique mathematical model for each user and using AI to process the live typing stream data, simultaneously monitoring and learning.
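To make the idea of a per-user typing model concrete, here is a small added illustration; it is not GAT's ActiveID algorithm or code. It assumes a simple model (mean and spread of the delay between each pair of keys), a rolling z-score check, and constructed timing data.

```python
from collections import defaultdict, deque
from statistics import mean, stdev

def typed(text, speed=1.0, jitter=0):
    """Constructed sample data: (key, press_time_ms) events with a fixed per-digraph rhythm."""
    t, events = 0.0, [(text[0], 0.0)]
    for a, b in zip(text, text[1:]):
        t += speed * (90 + (ord(a) * 7 + ord(b) * 3) % 60) + jitter
        events.append((b, t))
    return events

def digraph_times(events):
    """Turn key events into (digraph, flight_time_ms) pairs."""
    return [(a[0] + b[0], b[1] - a[1]) for a, b in zip(events, events[1:])]

def enroll(sessions, min_samples=3, min_sd=5.0):
    """Per-user model: mean and spread of the flight time for each digraph."""
    samples = defaultdict(list)
    for events in sessions:
        for dg, dt in digraph_times(events):
            samples[dg].append(dt)
    return {dg: (mean(v), max(stdev(v), min_sd))
            for dg, v in samples.items() if len(v) >= min_samples}

def monitor(profile, stream, window=8, threshold=3.0):
    """Return the 1-based position in the live stream where the rolling mean
    |z-score| first exceeds the threshold, or None if the typist always matches."""
    recent = deque(maxlen=window)
    for i, (dg, dt) in enumerate(stream, start=1):
        if dg not in profile:          # unseen digraph: no evidence either way
            continue
        mu, sd = profile[dg]
        recent.append(abs(dt - mu) / sd)
        if len(recent) == window and mean(recent) > threshold:
            return i                   # caller would alert or end the session here
    return None

PHRASE = "the quick brown fox"         # hypothetical enrollment text
PROFILE = enroll([typed(PHRASE, jitter=j) for j in (-6, -3, 0, 3, 6)])
OWNER = digraph_times(typed(PHRASE, jitter=4))
# The owner types first, then someone with a different rhythm takes over the session.
HIJACKED = OWNER + digraph_times(typed(PHRASE, speed=1.5))

if __name__ == "__main__":
    print("owner only:", monitor(PROFILE, OWNER))
    print("hijacked session flagged at digraph:", monitor(PROFILE, HIJACKED))
```

The rolling window is what makes the check continuous: a session that passed log-in is still flagged two keystroke pairs after the typing rhythm changes.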
Two-factor authentication remains an important security step and is certainly better than using username and password alone.
However, as cybercriminals continue to figure out ways around traditional authentication methods, zero-trust solutions that offer constant identity verification are becoming the more popular cloud security choice, especially for remote work security.