The strong authentication weakened Gartner Research announced that strong authentication methods require two factors to thank you for experienced hackers.
Strong Authentication
Authentication is a process used to identify a machine or a person on a network. It is called strong when two elements or two "factors" or more are used, such as a password and a fingerprint. In principle, the increase in factors increases process safety.
The two-factor authentication is common in professional circles. A banking site can request a password and a code generated from single-use machine authentication and the server. However, this system is now vulnerable to attack from the man in the middle.
Deception and diversion
Specifically, banks based on an appeal by the owner of the account as one factor authentication have already seen the pirates come to transfer calls to users on their phones that records the call to play it at the bank, passing for the client. Hackers use software to finally intercept the redirect network traffic to the website of the bank to their machine and take advantage of single-use code without the user noticing. Some hackers have even come to rewrite the browser information to the user who thinks that his account is normal when he was stoned, with the aim of delaying the possible discovery of fraud and allow time for the cracker of escape the justice system.
Losses related to such attacks now amount to nearly $ 100 million (approx. EUR 70 million) by the Internet Crime Complaint Center. One of the malware used in this kind of attack is a Trojan horse that Zeus was injected on Amazon EC2 cloud last week ("The disappointments of Amazon EC2).
The importance of being updated
Gartner encourages companies to take further steps to protect themselves by changing the factors of authentication to abandon the call and the code for single use safer methods such as biometrics, RFID, etc.. It is also possible to increase the number of factors and to use methods of communication different from those used to access information. For example, use something other than the web browser as a means of authentication.
Reply With Quote
Strong Authentication UK 
Copyright Techfuels
Bookmarks