twofactorauth.org

September 7, 2016

The Limits of SMS for 2-Factor Authentication

This post was originally published on this site. A recent ping from a reader reminded me that I’ve been meaning to blog about the security limitations of using cell phone text messages for two-factor authentication online. The reader’s daughter had received a text message claiming to be from Google, warning that her Gmail account had been locked because someone in India had tried to access her account. The young woman was advised to expect a 6-digit verification code to be sent to her and to reply to the scammer’s message with that code. Mark Cobb, a computer technician in Reno, Nev., said […]
January 5, 2017

Stolen Passwords Fuel Cardless ATM Fraud

This post was originally published on this site. Some financial institutions are now offering so-called “cardless ATM” transactions that allow customers to withdraw cash using nothing more than their mobile phones. But as the following story illustrates, this new technology also creates an avenue for thieves to quickly and quietly convert stolen customer bank account usernames and passwords into cold hard cash. Worse still, fraudulent cardless ATM withdrawals may prove more difficult for customers to dispute because they place the victim at the scene of the crime. A portion of the third rejection letter that Markula received from Chase about her $2,900 fraud claim. […]
December 18, 2017

The Market for Stolen Account Credentials

This post was originally published on this site. Past stories here have explored the myriad criminal uses of a hacked computer, the various ways that your inbox can be spliced and diced to help cybercrooks ply their trade, and the value of a hacked company. Today’s post looks at the price of stolen credentials for just about any e-commerce, bank site or popular online service, and provides a glimpse into the fortunes that an enterprising credential thief can earn selling these accounts on consignment. Not long ago in Internet time, your typical cybercriminal looking for access to a specific password-protected Web […]