isBuzz News: Spoofing 2F Authentication

May 14, 2018 — Beating 2FA may be easier than it seems

Ryan Wilk, VP at NuData, comments on a report issued by Information Security Buzz News, about security researcher Kevin Mitnick, who has demonstrated in a YouTube how easy it is to spoof 2-factor authentication with social engineering techniques.

While two-factor authentication capabilities can help verify the user, behavioral analytics and passive biometrics allow you to learn and trust the user’s behavior both in and across the session. This way you put the trust on the human instead of the device. With passive biometrics, customers are identified by their behavior online and not by static data such as passwords or one-time codes. This inherent behavior cannot be duplicated by hackers, even if they use correct static data, devaluing stolen credentials and protecting the customer account.

For the complete article, go here.