Leave a review for our podcast & we'll send you a pack of infosec cards.
Finally, after years of advocacy many popular web services have adopted two-factor authentication (2FA) as a default security measure. Unfortunately, as you might suspect attackers have figured out workarounds. For instance, attackers that intercept your PIN in a password reset man-in-the-middle attack.
So what should we do now? As the industry moves beyond 2FA, the good news is that three-factor authentication is not on the shortlist as a replacement. Google’s identity systems manager, Mark Risher said, “One of the truths we’ve found is that people won’t accept more security than they think they need.”
There have been talks about using biometrics as a promising form of authentication. In the meantime, know that using 2FA is more secure than using just a password.
Other Articles Discussed:
- Singapore cybersecurity pros needs a license to conduct investigative work
- White hat privilege
- Android malware threatens to expose browsing history to your contacts
- Websites without https are not recommended
Panelists: Rob Sobers, Mike Buckbee, Kilian Englert