![]() Two-factor authentication is a critical component of security for enterprises today - despite the fact that only 28% of people employ 2FA. Incorporate 2FA as Part of a Larger Identity Strategy to Stop Cyber Theft This eliminates additional devices altogether and instead relies on a user's inherent credentials, such as fingerprints, a retina, or even gait. While these options are also relatively inexpensive and easy to set up, they can, like SMS tokens, fail in delivery and are vulnerable to interceptions.Īn exciting area of multifactor authentication (MFA) that is on the rise is biometrics. Several teams rely on email or phone verification, where the user receives a link or a voice recording with an alphanumeric token. In addition, employees often misplace hardware tokens or confuse them with other personal devices. Unlike SMS and software tokens, hardware tokens don't require cell-phone reception or even Wi-Fi however, they are costly to set up and maintain. ![]() ![]() They rely on a physical device, such as a key fob or USB dongle, that generates a token for the user. Hardware tokens are another method that many enterprises use. Tweet This Other Forms of 2FA That Could Have Stopped the Reddit Data Breach A more secure version is employing software tokens." "SMS 2FA is vulnerable to swings in cell-phone connectivity and can be easily intercepted by third parties. The user must copy the password into the website's or app's required field for verification before it expires. They all rely on a time-based one-time password (TOTP) algorithm to generate a short-lived (30 seconds or less) password. The Microsoft Authenticator is one of many similar tools, including the Google Authenticator, Twilio Authenticator, and LastPass Authenticator. The Microsoft Authenticator is an example of a popular software token-based solution, which could have provided Reddit a tighter wall against hackers. Software tokens in 2FA have gained popularity in recent years with the rise of smartphones. SMS 2FA is vulnerable to swings in cell-phone connectivity and can be easily intercepted by third parties.Ī more secure version is employing software tokens. Many enterprises have opted for this method because two-factor authentication is user-friendly (nearly everyone is familiar with receiving text messages) and is inexpensive to set up. This is generally a 5- to 10-digit code, which the user types in after the successful entry of their username and password. The most common 2FA method sends the user a unique token via SMS/text message. Why Didn't Two-Factor Authentication Stop Reddit's Data Breach?Īlthough Reddit employed a two-factor authentication (2FA) shield, it was SMS-based, and the main attack occurred via SMS intercept.Īll forms of 2FA require a user to provide a second form of identification - over and above a simple password - to gain access to a system. How do companies like Reddit protect themselves in an increasingly dangerous environment? This piece digs into key strategies you can use to brace your company against attacks before they happen - and tells you what to do if the unfortunate occurs. The pace of break-ins has been steadily rising for over a decade. has seen 668 data breaches that have exposed more than 22 million personal records. This is one of hundreds of breaches this year. This largely included account credentials (username + salted hashed passwords), email addresses, and messages - valuable information that thieves can recycle to access other accounts, such as health or financial records. The theft contained a complete copy of an old database backup that held personal data from Reddit's early users. No Reddit information was altered, and the company quickly moved forward to lock down proprietary data, but it's still caused ripples of concern among Reddit's community of users. On June 19, Reddit learned that an attacker had breached several employee accounts via the company's cloud and source-code hosting providers:
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |