Posts Tagged ‘2-factor authentication’


Looking at USB/NFC Keys for Extra Account Security

Tuesday, August 1st, 2017

Hijacked accounts are an IT security nightmare, so it makes sense for your company to look at new technology for better ways to keep your digital assets safe. Security professionals are working out new ways to look at what account credentials are, sometimes with mixed results, as with Samsung’s iris-scanner, but it’s clear that the username/password system alone isn’t enough anymore. According to PC World, a new device-based authentication key called “YubiKey” plugs countless security holes by requiring that a physical device be connected to a computer or smartphone to access accounts.

Increased Security, Tougher to Crack with YubiKey

The authentication device solution owes its lineage to the 2-step verification system, which forces the user trying to access an account to enter a time-sensitive key sent to them through a secondary device. Usually, to save effort, these systems flag a device as allowed after a one-time authentication. The YubiKey changes that requirement so that the access key device needs to be physically connected to the device accessing the account: disconnecting the device means logging out of the account. This offers increased security because it prevents people from accessing accounts on stolen, authenticated devices and prevents anyone else from being able to use the account at the same time as the key holder.

Avoiding the SMS Pitfall

Physical authentication devices do not need to transmit a key to the user; they only send the key to the site hosting the account, which makes them much more secure. In 2016, hackers found a way to intercept 2-Factor authentication system messages sent over SMS text-messaging, which put a huge dent in the method’s dependability. Hackers strike businesses incredibly frequently, so any way that your company can stay ahead of them helps.

USB is the Standard-Bearer, NFC is Forward-Thinking

The biggest problem many new security methods face stems from cross-device compatibility. If the authentication device won’t work with a person’s computer, phone, or other devices, it’s not going to be widely used. However, the YubiKey works around this problem by being compatible with both the USB ports devices have been using since 1994 and NFC found in many newer devices that may lack a USB port. Supporting standards like USB and NFC eliminates the most substantial barrier between the authentication device and the end-user.

However helpful devices like the YubiKey are, progress doesn’t stop there. A similar device called “Token,” a biometric token ring, acts as an authentication device and can also require a fingerprint scan for additional protection. If your business is looking to take a step forward in IT security, contact the experts at MPA Networks today!

Flaws in 2-Factor Authentication Methods Could Leave You Vulnerable

Tuesday, July 11th, 2017

If your business is using 2-factor authentication, or 2FA, methods to secure your important accounts, you may need to investigate better ways to implement the practice. Security experts widely recommend using 2FA, a system which utilizes a second security level of authorization in addition to a password to keep hackers out of accounts even when they have the password. However, not all delivery methods for transmitting that second code, token, or credential are equal.

According to Mashable, hackers have found a way to exploit the SMS text message-based delivery code method popular with services like Twitter.

The SMS Flaw

SMS messaging proved itself as a viable solution for getting a device capable of receiving 2FA authentication codes into the hands of the average person because most people already own a compatible device. Using text messaging is very practical because SMS-compatible cellular phones are so widely used that it’s almost expected that a user already has a compatible device; it doesn’t even need to be a smartphone to utilize this method.

However, a 2017 bank account draining heist is shining a light on how hackers can exploit SMS-based code delivery by re-routing or intercepting text messages. Instead of manipulating the account or security platform, the hackers hit the vulnerable text messaging system instead. According to Ars Technica, hackers were able to exploit the widely used Signaling System No. 7 telephony system to redirect 2FA token messages from banks to bypass security. This method can work on any platform using SS7.

Should My Business Stop 2-Factor through SMS?

Your business should not abandon 2FA just because hackers found one way to break through it. Using 2-Factor is still more secure than not using it: it still creates an additional step for the hacker to get through. However, it does mean that your business should consider switching over to alternative code delivery methods whenever applicable.

  • Look for applications like the Google Authenticator app for enabling account access, which uses secure HTTP communication to send the validation code instead of SMS.
  • While they come at an additional expense, 2FA security key fobs are a far more secure option than SMS.
  • Services typically send an email alert whenever a new device is used to access the account: pay attention to these because they can alert you immediately if your account has been hijacked. You can change the password at this time to minimize any damage.

If your business is looking to plug its potential security leaks, the IT consulting experts at MPA Networks can help. Finding the right tools for your business’s unique needs is an important part of any security strategy. Find out more and contact us today!