Two-factor authentication not secure, say researchers

Once thought secure, questions are now being raised by researchers as to just how bullet-proof texted verification codes are.

Social engineering can be easily used to trick users into confirming authentication codes, says a computer science professor at NYU.

Generally thought to be secure, the process whereby a verification code, usually delivered by e-mail or text, is sent to a user who’s lost their password, can in fact be hacked.

And the way it’s done? Just ask the user for the officially-sent verification code, says Nasir Memon, professor of Computer Science and Engineering at the New York University Tandon School of Engineering.

(Read more...)