twofactorauthentication – Page 2 – SSL and internet security news

Criminals are Now Exploiting SS7 Flaws to Hack Smartphone Two-Factor Authentication Systems

May 10, 2017 infossl

crime, hacking, phones, Security technology, ss7, twofactorauthentication

I’ve previously written about the serious vulnerabilities in the SS7 phone routing system. Basically, the system doesn’t authenticate messages. Now, criminals are using it to hack smartphone-based two-factor authentication systems: In short, the issue with SS7 is that the network believes whatever you tell it. SS7 is especially used for data-roaming: when a phone user … Read More “Criminals are Now Exploiting SS7 Flaws to Hack Smartphone Two-Factor Authentication Systems” »

NIST is No Longer Recommending Two-Factor Authentication Using SMS

August 5, 2016 infossl

authentication, nist, Security technology, sms, twofactorauthentication

NIST is no longer recommending two-factor authentication systems that use SMS, because of their many insecurities. In the latest draft of its Digital Authentication Guideline, there’s the line: [Out of band verification] using SMS is deprecated, and will no longer be allowed in future releases of this guidance. Powered by WPeMatico