


KnowBe4 Details Two-Factor Authentication Spoofing Bypass Risks

May 10, 2018 / Sean Michael Kerner

Two-factor authentication can minimize some password security risks, though KnowBe4 warns that hackers can use social engineering attacks to bypass the added protection.

Two-factor authentication is a commonly used method to minimize the risks of password phishing attacks. However, 2FA itself has the potential to be spoofed and bypassed by an attacker, according to security awareness and training vendor KnowBe4.

In a publicly posted video, Kevin Mitnick, chief hacking officer at KnowBe4, demonstrates a method by which he was able to bypass 2FA protection. Mitnick demonstrates how a spoofed login page for a 2FA-protected service can be used to trick users into inputting their username, password and 2FA credentials. In the attack, Mitnick was able to use the same session ID token generated from the spoofed site to gain access to the legitimate site.

However, while KnowBe4 didn't discover the 2FA bypass approach, it is doing its part to raise awareness around the issue, Grimes said. The...