{"id":4122,"date":"2018-12-20T11:51:32","date_gmt":"2018-12-20T15:51:32","guid":{"rendered":"https:\/\/solutionsreview.com\/identity-management\/?p=4122"},"modified":"2018-12-20T11:51:32","modified_gmt":"2018-12-20T15:51:32","slug":"phishing-can-bypass-two-factor-authentication","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/identity-management\/phishing-can-bypass-two-factor-authentication\/","title":{"rendered":"How Phishing Can Bypass Two-Factor Authentication"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-3663\" src=\"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/11\/Dark-web-mod.jpg\" alt=\"How Phishing Can Bypass Two-Factor Authentication\" width=\"800\" height=\"400\" srcset=\"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/11\/Dark-web-mod.jpg 800w, https:\/\/solutionsreview.com\/identity-management\/files\/2018\/11\/Dark-web-mod-300x150.jpg 300w, https:\/\/solutionsreview.com\/identity-management\/files\/2018\/11\/Dark-web-mod-768x384.jpg 768w, https:\/\/solutionsreview.com\/identity-management\/files\/2018\/11\/Dark-web-mod-540x270.jpg 540w, https:\/\/solutionsreview.com\/identity-management\/files\/2018\/11\/Dark-web-mod-162x81.jpg 162w, https:\/\/solutionsreview.com\/identity-management\/files\/2018\/11\/Dark-web-mod-360x180.jpg 360w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">A report from Amnesty International found hackers now possess tactics to bypass two-factor authentication protection on email accounts. \u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><div class=\"widget\"><div class=\"aside-card\">\t\t\t<div class=\"textwidget\"><p><a class=\"iam-inject\" href=\"https:\/\/solutionsreview.com\/identity-management\/get-a-free-privilieged-access-management-solutions-buyers-guide\/\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-1682\" title=\"\" src=\"https:\/\/solutionsreview.com\/identity-management\/files\/2020\/01\/PAM_BG_SB_800.gif\" alt=\"Download Link to Privileged Access Management Buyer's Guide\" width=\"800\" height=\"100\" \/><\/a><\/p>\n<\/div>\n\t\t<\/div><\/div><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Through automated phishing attacks, hackers send victims an apparently legitimate email asking for their email account password. They also send them to a phishing page\u2014which looks similar to the legitimate website\u2014on which to reset their password. <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">This, in turn, triggers a two-factor authentication code which is sent to the target\u2019s phone, allowing hackers to phish the code as well. Now with the code and the password in hand, hackers can log in into their victims\u2019 email accounts. \u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Amnesty International reported hackers developed multiple versions of this attack tactic. The key takeaway, however, is that hackers can automate these phishing attacks\u2014bypassing two-factor authentication with no manual input <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">This should concern your enterprise and your IT security team. It indicates hackers have figured out consistent ways to bypass more traditional and legacy identity and access management solutions with minimal effort.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">While the current targets of these attacks are journalists and activists in the Middle East and North Africa, cybersecurity experts assert the criminal underground has become more collaborative. These tactics will eventually be used against your enterprise and your employees. You need to prepare. \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Two-factor authentication can rely on physical hard tokens, which are difficult to fake or steal. However, many two-factor authentication systems use a text messaging system which sends a one-time authentication code to a mobile device. This system appears secure but actually favors convenience in its authentication processes which can cause security gaps. Your enterprise will need to deploy a better authentication system. <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Instead, enterprises should invest in <a href=\"https:\/\/solutionsreview.com\/identity-management\/contextual-multifactor-authentication-ping-identity\/\" target=\"_blank\" rel=\"noopener\">multifactor authentication<\/a>; these authentication protocols prove much harder to hack, as they also take into account geographic location, time of login, and biometric authentication factors. While two-factor authentication may appear more convenient, multifactor authentication can be as convenient while ensuring greater security. <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Moreover, access management should not emphasize convenience. If you wouldn\u2019t allow individuals to walk into your analog vaults, you shouldn\u2019t allow them to walk into your databases. <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">You can read more about Amnesty International\u2019s research into two-factor authentication and phishing attacks <\/span><a href=\"https:\/\/www.amnesty.org\/en\/latest\/research\/2018\/12\/when-best-practice-is-not-good-enough\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400\">here<\/span><\/a><span style=\"font-weight: 400\">.<\/span><\/p>\n<p style=\"text-align: justify\"><br \/>Widget not in any sidebars<br \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A report from Amnesty International found hackers now possess tactics to bypass two-factor authentication protection on email accounts. \u00a0 Through automated phishing attacks, hackers send victims an apparently legitimate email asking for their email account password. They also send them to a phishing page\u2014which looks similar to the legitimate website\u2014on which to reset their password. [&hellip;]<\/p>\n","protected":false},"author":41,"featured_media":3663,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[6],"tags":[142,958,125,16,112,76,70,30,435],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How Phishing Can Bypass Two-Factor Authentication<\/title>\n<meta name=\"description\" content=\"A report from Amnesty International found hackers now possess tactics to bypass two-factor authentication protection on email accounts.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/identity-management\/phishing-can-bypass-two-factor-authentication\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ben Canner\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/phishing-can-bypass-two-factor-authentication\/\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/phishing-can-bypass-two-factor-authentication\/\",\"name\":\"How Phishing Can Bypass Two-Factor Authentication\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/phishing-can-bypass-two-factor-authentication\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/phishing-can-bypass-two-factor-authentication\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/11\/Dark-web-mod.jpg\",\"datePublished\":\"2018-12-20T15:51:32+00:00\",\"dateModified\":\"2018-12-20T15:51:32+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\"},\"description\":\"A report from Amnesty International found hackers now possess tactics to bypass two-factor authentication protection on email accounts.\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/phishing-can-bypass-two-factor-authentication\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/identity-management\/phishing-can-bypass-two-factor-authentication\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/phishing-can-bypass-two-factor-authentication\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/11\/Dark-web-mod.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/11\/Dark-web-mod.jpg\",\"width\":800,\"height\":400,\"caption\":\"Nintendo Breach: What to Know and Expert Commentary\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/phishing-can-bypass-two-factor-authentication\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/identity-management\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How Phishing Can Bypass Two-Factor Authentication\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/\",\"name\":\"Best Identity Access Management (IAM) Software, Tools, Vendors, Solutions, &amp; Services\",\"description\":\"Identity Access Management (IAM) News, Best Practices and Buyer&#039;s Guide\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\",\"name\":\"Ben Canner\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"caption\":\"Ben Canner\"},\"description\":\"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/author\/bcanner\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How Phishing Can Bypass Two-Factor Authentication","description":"A report from Amnesty International found hackers now possess tactics to bypass two-factor authentication protection on email accounts.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/identity-management\/phishing-can-bypass-two-factor-authentication\/","twitter_misc":{"Written by":"Ben Canner","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/identity-management\/phishing-can-bypass-two-factor-authentication\/","url":"https:\/\/solutionsreview.com\/identity-management\/phishing-can-bypass-two-factor-authentication\/","name":"How Phishing Can Bypass Two-Factor Authentication","isPartOf":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/identity-management\/phishing-can-bypass-two-factor-authentication\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/identity-management\/phishing-can-bypass-two-factor-authentication\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/11\/Dark-web-mod.jpg","datePublished":"2018-12-20T15:51:32+00:00","dateModified":"2018-12-20T15:51:32+00:00","author":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541"},"description":"A report from Amnesty International found hackers now possess tactics to bypass two-factor authentication protection on email accounts.","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/identity-management\/phishing-can-bypass-two-factor-authentication\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/identity-management\/phishing-can-bypass-two-factor-authentication\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/phishing-can-bypass-two-factor-authentication\/#primaryimage","url":"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/11\/Dark-web-mod.jpg","contentUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/11\/Dark-web-mod.jpg","width":800,"height":400,"caption":"Nintendo Breach: What to Know and Expert Commentary"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/identity-management\/phishing-can-bypass-two-factor-authentication\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/identity-management\/"},{"@type":"ListItem","position":2,"name":"How Phishing Can Bypass Two-Factor Authentication"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/identity-management\/#website","url":"https:\/\/solutionsreview.com\/identity-management\/","name":"Best Identity Access Management (IAM) Software, Tools, Vendors, Solutions, &amp; Services","description":"Identity Access Management (IAM) News, Best Practices and Buyer&#039;s Guide","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541","name":"Ben Canner","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","caption":"Ben Canner"},"description":"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.","url":"https:\/\/solutionsreview.com\/identity-management\/author\/bcanner\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/4122"}],"collection":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/users\/41"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/comments?post=4122"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/4122\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media\/3663"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media?parent=4122"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/categories?post=4122"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/tags?post=4122"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}