

Multi-Factor Authentication: Why It Isn't Enough

When it comes to keeping our online accounts secure, we often hear about a security measure known as multi-factor authentication (MFA). It acts like an additional lock on the door, making it harder for hackers to gain access. However, it's important to understand that having MFA is not a foolproof solution to prevent hackers from breaching the security of our accounts. 

Unfortunately, hackers have many methods at their disposal to bypass this security measure. Let's explore some of the ways that hackers can still break into accounts and what steps can be taken by you, your customers, or policyholders to improve security.

How Hackers Get Around Multi-Factor Authentication:

Multi-Factor Authentication Fatigue:

Imagine a hacker bombarding you with login requests until you get fed up and just say "yes." This confusion tactic could work, especially if you're an employee, leading to unauthorised access to important networks.
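One way to spot this pattern in MFA push logs, shown as an added example that is not part of the original article: it flags a burst of denied or unanswered prompts for one user, and separately flags an approval that follows such a burst. The log format, event names, window and threshold are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # assumed look-back window
THRESHOLD = 4                    # assumed count of unapproved prompts that makes a burst
# Constructed sample events (not from a real system): time, user, push result.
SAMPLE_LOG = """\
2024-01-10T02:11:00 bob push_denied
2024-01-10T02:11:40 bob push_timeout
2024-01-10T02:12:10 bob push_denied
2024-01-10T02:12:55 bob push_timeout
2024-01-10T02:13:30 bob push_denied
2024-01-10T02:14:05 bob push_approved
2024-01-10T09:00:05 alice push_approved
2024-01-10T14:00:00 carol push_denied
2024-01-10T14:30:00 carol push_denied
2024-01-10T15:10:00 carol push_approved
2024-01-10T16:00:00 dave push_denied
2024-01-10T16:00:30 dave push_denied
2024-01-10T16:01:00 dave push_timeout
2024-01-10T16:01:30 dave push_denied
"""

def parse(log):
    """Return (timestamp, user, result) tuples in time order."""
    rows = [line.split() for line in log.splitlines() if line.strip()]
    return sorted((datetime.fromisoformat(ts), user, res) for ts, user, res in rows)

def detect_fatigue(log, window=WINDOW, threshold=THRESHOLD):
    """Return (user, kind, time) alerts for prompt bursts and approvals that follow one."""
    recent = defaultdict(deque)   # user -> times of recent unapproved prompts
    alerts = []
    for ts, user, result in parse(log):
        q = recent[user]
        while q and ts - q[0] > window:
            q.popleft()           # forget prompts older than the window
        if result == "push_approved":
            if len(q) >= threshold:
                alerts.append((user, "approved_after_burst", ts))
            q.clear()             # an approval ends the current sequence
        else:
            q.append(ts)
            if len(q) == threshold:   # alert once when the burst threshold is reached
                alerts.append((user, "prompt_burst", ts))
    return alerts

if __name__ == "__main__":
    for alert in detect_fatigue(SAMPLE_LOG):
        print(alert)
```

A `prompt_burst` alert means the user is being flooded and their password is likely already known to someone else; `approved_after_burst` means a prompt was accepted after the flood and the resulting session should be reviewed.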

Social Engineering:

Hackers often prefer tricking people to breaking through technical barriers. If they get some basic details about the victim, they might pretend to be locked out and contact customer support. This is allegedly how hackers got into MGM Resorts' systems earlier this year – through a 10-minute chat with a helpdesk.

SIM Swapping:

Hackers can convince a phone company to send them a new SIM card by pretending to be the victim. Once they control the victim's number, they can access accounts linked to it, like banking and social media.

Compromising Generated Tokens:

Some people use apps like Google Authenticator for extra security. But if a victim stores the secret codes in an insecure place, hackers can easily grab them, making the victim's accounts vulnerable.

Session Hijacking:

Hackers can steal cookies from a browser, even if MFA is in place. This happens when someone chooses to ‘stay signed in’. The stolen cookies allow hackers to bypass MFA and get into accounts.

Easy Steps to Boost Online Safety:

Although MFA is important, it should be one of many basic cybersecurity measures in place to protect accounts from being compromised. Here are some other things your business or your customers should consider.

Use App Authentication:

Pick authenticator apps over phone verification. Also, keep those secret codes in a safe place to avoid easy access by hackers.

Use Strong and Refreshed Passwords:

Create strong passwords and change them regularly. This helps prevent hackers from even getting to the point of trying to bypass authentication.

Keep Software Updated:

Regularly update apps and devices. This closes the virtual windows that hackers might use to sneak in.

Monitor The Attack Surface:

It's essential to keep a watchful eye on online activities, since it's the best way to prevent hackers from stealing data. Your customers should ensure that they implement a risk management or risk monitoring tool to constantly assess their attack surface to identify any possible entry points for hackers.

DynaRisk’s risk management platforms use passive scans, monitoring, and education to offer users a holistic cyber protection tool that can benefit anyone, regardless of their previous experience or ability.

Or, if you are a client looking to monitor a portfolio for cyber risks (such as an Insurer or Fund Manager), find out more about our cyber risk management tool, Breach Check.