It's not safe and might even be hackable.
According to the man who was once FBI’s most wanted hacker the two-factor authentication may not be as safe as we all hoped it was.
Kevin Mitnick is an ethical hacker now working with IT professionals around the world, helping businesses to stay secure in today’s cyber-security space.
“Just by enabling two-factor authentication, you can’t relax…a smart attacker could get access to your account,” Mitnick said in an interview with CNBC.
Mitnick found out about this vulnerability when he found it posted online, for anyone to use. “The tool to actually pull these attacks off has been made public. So any 13-year-old could download the tool and actually carry out these attacks,” he said.
How the vulnerability works
Mitnick states that the attack starts as an email from a cybercriminal, the email looks legit, and will have a link for the receiver to click.
Once the user clicks the link, they are directed to log into the real website and use a code that is sent to their cellphone. Unbeknowest to the user, the log in went through the hacker’s server. This gave the cybercriminal the session cookie.
“If we can steal the user session cookie, we could become them, and we don’t need their username, their password, or their two-factor,” Mitnick said.
This attack is part of what is known as social engineering, when hackers take advantage of human behavior to get you to do something, like click on a link. Another way to protect yourself is to pay close attention to emails you get, even if you use two-factor authentication.
Tired of paying to much for your Managed Services?
Why not give our Essential packages a look! We have exactly what every type of business needs.