We'll help you to build your Brand!

The leaked NSA report shows 2-factor authentication has a critical weakness: You

Written by ATLcomputerdude. Posted in Latest News.

. -
The leaked NSA report shows 2-factor authentication has a critical weakness: You"Wait, all I did was enter all my personal info into a random site after clicking a sketchy link!"

Image: jhorrocks/Getty Images

2017%2f02%2f23%2f8d%2fjackmorse2copy.daa9eBy Jack Morse2017-06-07 02:32:32 UTC

So you've created a strong password, kept an eye out for sketchy links, and enabled two-factor authentication — what could possibly go wrong?

Well, it turns out the answer is "you." 

As the leaked NSA report on Russian efforts to hack the computers of U.S. election officials before the 2016 presidential election demonstrates, we are all often our own biggest security weakness. The document, published by The Intercept, shows that hackers found a way around the protections offered by two-factor authentication that is striking in its simplicity: They asked the targets for their verification codes. 

"If the victim had previously enabled two-factor authentication (2FA)," explains a slide detailing the Russian attack, "the actor-controlled website would further prompt the victim to provide their phone number and their legitimate Google verification code that was sent to their phone."

To translate, after tricking victims into entering their email and password into a fake Google site, the hackers found that some victims had 2FA set up on their accounts. This meant that even with the password, hackers were unable to gain access to the Gmail accounts in question — that is, unless they could get the verification codes as well. 

So, again, they just straight up asked for them. 

A step-by-step approach.

A step-by-step approach.

"Once the victim supplied this information to the actor-controlled website, it would be relayed to a legitimate Google service, but only after [redacted] actors had successfully obtained the victim's password (and if two-factor, phone number and Google verification code) associated with that specific email account."

Basically, the hackers were able to bypass the email security measures by requesting that the victims give them the keys to the digital castle. 

Once access was gained to the accounts, which reportedly belonged to

Read full article

Get in touch:

Telephone: (404) 954-1242


Offices in:

(Atlanta, GA | New York, NY | Dallas, TX )    .

This email address is being protected from spambots. You need JavaScript enabled to view it.

Social Media:


Atlanta Computer Dude Locations:

mybrand-map

Europe - North America - South America - Australia

www.atlcomputerdude.com