Two-factor authentication not secure, say researchers
Once thought secure, questions are now being raised by researchers as to just how bullet-proof texted verification codes are.
- Patrick Nelson for Network World February 24th, 2016
- Source: http://www.networkworld.com/article/3036778/security/two-factor-authentication-not-secure-say-researchers.html
Social engineering can be easily used to trick users into confirming authentication codes, says a computer science professor at NYU.
Generally thought to be secure, the process whereby a verification code, usually delivered by e-mail or text, is sent to a user who’s lost their password, can in fact be hacked.
And the way it’s done? Just ask the user for the officially-sent verification code, says Nasir Memon, professor of Computer Science and Engineering at the New York University Tandon School of Engineering.