Why MFA is getting easier to bypass and what to do about it
Why multifactor authentication based on one-time passwords and push notifications fails.
The tools are phishing-as-a-service toolkits marketed in online crime forums under names including Tycoon 2FA, Rockstar 2FA, Evilproxy, Greatness, and Mamba 2FA. The malicious link leads to the attacker’s proxy server, which, thanks to the phishing-as-a-service toolkit, looks identical to the real Google login site (except for the URL displayed in the address window).
Dan Goodin is Senior Security Editor at Ars Technica, where he oversees coverage of malware, computer espionage, botnets, hardware hacking, encryption, and passwords.
Or read this on ArsTechnica