1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

IDG Contributor Network: Two-factor authentication not secure, say researchers

Discussion in 'Network World' started by RSS, Feb 24, 2016.

  1. RSS

    RSS New Member Member

    Social engineering can be easily used to trick users into confirming authentication codes, says a computer science professor at NYU.

    Generally thought to be secure, the process whereby a verification code, usually delivered by e-mail or text, is sent to a user who’s lost their password, can in fact be hacked.

    And the way it’s done? Just ask the user for the officially-sent verification code, says Nasir Memon, professor of Computer Science and Engineering at the New York University Tandon School of Engineering.

    A second, bogus text or e-mail simply asks the user to forward the original, legitimate verification text. And people do it, no questions asked, Memon reckons.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page