Article 45B31 SMS text two-factor authentication "bypassed at scale"

SMS text two-factor authentication "bypassed at scale"

by
Rob Beschizza
from on (#45B31)
Story Image

Gmail's text-message two-factor authentication is not only insufficiently secure, but "bypassed at scale", reports Joseph Cox.

A new Amnesty International report gives more insight into how some hackers break into Gmail and Yahoo accounts at scale, even those with two-factor authentication (2FA) enabled.

They do this by automating the entire process, with a phishing page not only asking a victim for their password, but triggering a 2FA code that is sent to the target's phone. That code is also phished, and then entered into the legitimate site so the hacker can login and steal the account.

I use Authy.

External Content
Source RSS or Atom Feed
Feed Location https://boingboing.net/feed
Feed Title
Feed Link https://boingboing.net/
Reply 0 comments