HOW IT REALLY HAPPENED: NINJIO SEASON 3, EPISODE 4, 2 FACTOR FAKE OUT
In NINJIO’s Season 3, Episode 4, 2-Factor Authentication using your mobile phone (SMS) is a great security measure, and countless end-users have it in place – but that’s bad news for Nico as he tries to use some stolen credentials. Nico and his hacking buddy think of a scheme to get around 2FA via SMS, opening the potential for business email compromise and all sorts of mischief. When using SMS for 2FA verification, it’s important to know that you should always expect the code, and to verify the legitimacy before using it or giving it up.
CNET looks at the history of 2FA, discussing the ways that we see it used – both as a security measure, and as a tool to run scams.
Wired looks in-depth at common perceptions of 2FA, discussing the weaknesses, strengths, and methods involved in implementing it at the workplace.
The Economist discusses some large-scale hacks that involved 2FA and looks at the flaws in the system.
Krebs on Security discusses 2FA users being tricked with phishing and smishing scams; even with the scams, 2FA is a great security tool with numerous applications that don’t rely on text messaging.
Text messaging isn’t always the most secure way to receive 2FA codes as The Verge discusses here.