Scribd Logo
Upload

Welcome to Scribd!

  • Hacking Multi-Factor Authenticators

    Uploaded by

    Elijah
    20 views16 pages

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    20 views16 pages

    Hacking Multi-Factor Authenticators

    Uploaded by

    Elijah

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 16

    Hacking

    Multi-Factor

    Authenticators

    26 October 2022
    Date and time

    Photo by Edgar Moran on Unsplash


    Table of contents

    1 What is MFA and Types


    2 Are MFAs as Safe as you Think?
    3 Picking the Right Solution
    1 What is MFA and Types
    “ MFA alone will not protect you against

    sophisticated adversaries.
    Cybersecurity is important because it
    protects all categories of data from theft
    The real problems behind computer security

    and damage
    involve people and making appropriate risk

    decisions

    Kevin Mitnick
    What is MFA and Types

    What is MFA?
    Multi-Factor Authentication is a security concept that simply involves the use of

    more than one method to verify someone’s identity

    Examples:
    Swiping a bank card at the ATM and then entering a PIN
    Presenting an ID card and then scanning a fingerprint
    Captcha verification along with phone number verification
    What is MFA and Types

    Types of Authentications
    When 2 or more of these combines, that becomes a Multi-Factor Authentication plan

    What you KNOW What you HAVE What you ARE

    Eg: Security Questions, PIN Numbers Eg: ID Cards, Phone Eg: Retinal Scan, Fingerprints
    2 Are MFAs as Safe as you Think ?
    Are MFAs as Safe as you Think ?

    How to Hack an MFA solution

    Conclusion: No, if one believe that you have a solution that is hackproof, they are either lying to you or naive.
    Are MFAs as Safe as you Think ?

    Social Engineering

    Fake Authentication
    Recovery Questions Attack
    Social Engineering Tech Support
    Are MFAs as Safe as you Think ?

    Technical Manipulation
    Session Unique Identifier Prediction
    Man in the Endpoint Attacks
    Malicious MFA Software of Hardware Modification
    Duplicate Code Generators
    Skimming Attacks
    Subject Hijacks
    Brute Force Attacks
    Buggy MFA
    Are MFAs as Safe as you Think ?

    Physical Attacks
    Stolen Biometrics
    Re-created Biometrics
    Office of Personnel Management
    Cold Boot Attacks
    Are MFAs as Safe as you Think ?

    Mixture of Methods

    Session Hijacking
    SIM Swap Attacks
    Downgrade and Recovery Attacks
    3 Picking the Right Solution
    Picking the Right Solution

    Picking the Right Solution NEEDED


    Process:
    1. Create a project team.
    2. Create a project plan.
    3. Educate.
    4. Determine what needs to be protected.
    5. Choose required and desired features
    6. Research/select vendor solutions
    7. Conduct a pilot project
    8. Select a winner
    9. Deploy to production
    Picking the Right Solution

    Picking the Right Solution NEEDED


    There can never be a right MFA solution as it is breakable and just an
    additional protection. One should not neglect trainings, awareness and
    policies completely relying on a solution.

    Cyber breach and attacks evolve day to day and it must be educated on
    that. Do not trust any vendor who says it is unbreakable.
    THANK YOU!

    You might also like