C-Suite On Deck
Making your MFA secure: tips from a security architect
Many security breaches take place when attackers gain access to Internet-facing applications by using compromised credentials. As an added layer of security against leaked credentials, organizations have been implementing multi-factor authentication (MFA) mechanisms to verify the identity of users connecting to critical online assets.

One of many multi-step authentication methods is phone callback. The authentication process starts with a user inputting a password that, once successfully validated, leads to a phone call on a registered device associated with the user's account. After the user answers the phone and approves the login request, she is allowed to log in. Unfortunately, phone callback verification is prone to misconfigurations that result in compromises even in the presence of MFA.

Things to watch out for in MFA

Ensure that the option to enroll the next time a user attempts to log in is not available to connecting users. If it is available, attackers with a valid password can complete the enrollment on a user's behalf, using the phone number of their choice, before the legitimate user ever accesses the system.

It is critical that enrollment of legitimate users' devices is completed prior to allowing access to applications protected by phone callback. Otherwise, the first step in the authentication process using a valid password should fail if a user has not completed the enrollment.
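The enrollment rule above can be expressed as a first-factor decision plus an audit over an account export. This is an added example, not code from the article or from any MFA product; the `Account` fields, the `allow_enroll_at_login` setting and the sample accounts are assumptions constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import List, Optional

def hash_pw(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class Account:
    name: str
    salt: bytes
    pw_hash: bytes
    callback_number: Optional[str] = None  # None means enrollment was never completed

def first_factor(acct: Account, password: str, allow_enroll_at_login: bool) -> str:
    """Return the step that follows the password check: DENY, CALLBACK or ENROLL."""
    if not hmac.compare_digest(hash_pw(password, acct.salt), acct.pw_hash):
        return "DENY"
    if acct.callback_number:
        return "CALLBACK"  # call the device registered before this login
    # Un-enrolled account. With the weak setting, whoever holds the password
    # chooses the callback number; the hardened setting fails the first step.
    return "ENROLL" if allow_enroll_at_login else "DENY"

def exposed_accounts(accounts: List[Account], allow_enroll_at_login: bool) -> List[str]:
    """Audit: accounts where a password alone leads to device enrollment."""
    if not allow_enroll_at_login:
        return []
    return [a.name for a in accounts if not a.callback_number]

# Constructed sample accounts (hypothetical names, passwords and number).
SALT = b"constructed-salt"
ALICE = Account("alice", SALT, hash_pw("alice-pw", SALT), "+1-555-0100")
BOB = Account("bob", SALT, hash_pw("bob-pw", SALT))  # not yet enrolled
ACCOUNTS = [ALICE, BOB]

if __name__ == "__main__":
    for weak in (True, False):
        print("enroll at login allowed:", weak,
              "| bob ->", first_factor(BOB, "bob-pw", weak),
              "| exposed:", exposed_accounts(ACCOUNTS, weak))
```

Running the audit before phone callback goes live shows which accounts still need their device enrolled out of band.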