Security on the internet is one of the most important things any tech-based company needs to focus on, and until now two-factor authentication seemed good enough to keep you reasonably safe. Two-factor authentication means that you enter your username and password and then receive a text message with a special code that you have to enter in order to access your account. This seems reasonably safe because the code is sent to your mobile phone, which would be on your person.
However, Kevin Mitnick, the Chief Hacking Officer at KnowBe4, a cyber security company, has stated that hackers can use a special type of phishing that allows them to access your account illicitly. You would receive an email with a link, and when you click on that link you are taken to the actual website, where you would enter your login details since you would assume that the site is more or less legitimate.
The login is where things go bad. The login occurs through a private server, one owned by the hacker. This allows the hacker to gain access to the session cookie, which is basically what the website treats as the user. This grants instant access to the user’s account, because the system sees the hacker as the user and does not require a login at that point. The hacker no longer needs the details of your account, so the fact that you have two-factor authentication becomes more or less meaningless, and you should be more careful about your account.
Illustration: TechCrunch
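The session-cookie behaviour described above can be seen in a small server-side model. This is an added example, not code from Mitnick, KnowBe4 or any real site; the `Site` class and all its method names are hypothetical. It shows that both factors are checked only when the cookie is issued, and that invalidating sessions on the server is what stops a copied cookie from working.

```python
import hashlib
import hmac
import secrets

class Site:
    """Toy model of a password + texted-code login (constructed for this example)."""

    def __init__(self):
        self._users = {}     # username -> (salt, password hash)
        self._pending = {}   # username -> one-time code awaiting entry
        self._sessions = {}  # session cookie value -> username

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, user, password):
        salt = secrets.token_bytes(16)
        self._users[user] = (salt, self._hash(password, salt))

    def start_login(self, user, password):
        """Factor 1: check the password, then issue the code that would be texted."""
        if user not in self._users:
            return None
        salt, stored = self._users[user]
        if not hmac.compare_digest(stored, self._hash(password, salt)):
            return None
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[user] = code
        return code  # a real site sends this by SMS instead of returning it

    def finish_login(self, user, code):
        """Factor 2: check the texted code (single use), then issue the cookie."""
        expected = self._pending.pop(user, None)
        if expected is None or not hmac.compare_digest(expected.encode(), code.encode()):
            return None
        cookie = secrets.token_urlsafe(32)
        self._sessions[cookie] = user
        return cookie

    def whoami(self, cookie):
        """Every later request: only the cookie is looked up, no password, no code."""
        return self._sessions.get(cookie)

    def revoke_sessions(self, user):
        """Server-side invalidation: afterwards a copied cookie maps to nobody."""
        for c in [c for c, u in self._sessions.items() if u == user]:
            del self._sessions[c]
```

Changing the password alone leaves `_sessions` untouched in this model, which is why an account that may have been phished this way needs its active sessions revoked as well.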