If our network system is protected with two-factor authentication, is there still a risk of theft of user credentials?
Absolutely. Two-factor authentication systems cannot protect your network from all evil. While they provide an extra layer of protection and help slow down attackers, they cannot stop intruders altogether.
Let's examine some ways hackers can bypass two-factor authentication systems and what you should do to prevent this from happening.
Just as a hacker can steal a single-factor device, both two-factor pieces can be stolen as well. For example, a simple system might use a user ID and password with a one-time password (OTP) token that generates a new six- or eight-digit PIN every 60 seconds. Unlike a static password, which can be used any time, the PIN changes so frequently that it would be impossible for a malicious user to break in after the allotted 60-second time interval. However, both factors can still be stolen. Here's a possible scenario: Someone shoulder surfs and lifts a user's ID and password. They now have one piece of information. Then the same hapless user absent-mindedly leaves their token on their desk and steps away. The unscrupulous shoulder surfer now has both keys to the user's login. It's that simple.
Another way a two-factor system can be broken is by a man-in-the-middle (MITM) attack. This attack uses a proxy server that is set up maliciously between the user's workstation and the authenticating system. A hacker sits on the proxy in real time and grabs the credentials as they pass by. Once the information has been captured, the hacker can reset the static user ID and password, order a new OTP and take over the account going forward.
A two-factor system using a smart card and PIN could also be compromised if both pieces of the system are stolen. There are ways to pull data from chips embedded in smart cards. All the hacker has to do to complete the job is steal the PIN.
The point here isn't to throw out your brand new two-factor system; just make sure it's monitored, maintained, controlled, inventoried and logged for proper usage. Though they are less likely than single-factor system breaches, two-factor authentication breaches are possible and can happen.
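One way to act on the logging and monitoring advice, as an added example that is not part of the original answer: it flags the takeover sequence described for the MITM case (a successful two-factor login followed by a password reset and a new OTP) when that sequence starts from an address the user has not logged in from before. The event names, the tuple layout and the 15-minute window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed sample events (not real logs): (epoch_seconds, user, source_ip, action)
EVENTS = [
    (1000, "alice", "10.0.0.5", "login_2fa_ok"),
    (2000, "bob", "10.0.0.9", "login_2fa_ok"),
    (3000, "carol", "10.0.0.12", "login_2fa_ok"),
    (9000, "bob", "10.0.0.9", "login_2fa_ok"),
    (9100, "bob", "10.0.0.9", "password_reset"),       # usual address: ignored
    (20000, "alice", "203.0.113.7", "login_2fa_ok"),   # address new for alice
    (20120, "alice", "203.0.113.7", "password_reset"),
    (20300, "alice", "203.0.113.7", "otp_reissue"),    # sequence complete
    (30000, "carol", "198.51.100.4", "login_2fa_ok"),  # address new for carol
    (30100, "carol", "198.51.100.4", "password_reset"),  # no OTP reissue follows
]

FOLLOW_UPS = {"password_reset", "otp_reissue"}  # hypothetical action names

def find_takeover_sequences(events, window_s=900):
    """Return (user, ip, login_time) for each 2FA login from an address new to
    that user that is followed, within window_s seconds and from the same
    address, by both a password reset and an OTP reissue."""
    seen_ips = defaultdict(set)  # user -> addresses of earlier successful logins
    open_logins = {}             # (user, ip) -> [login_time, follow-ups seen]
    alerts = []
    for ts, user, ip, action in sorted(events):
        key = (user, ip)
        if action == "login_2fa_ok":
            # A user's first-ever login has no baseline, so it is not tracked.
            if seen_ips[user] and ip not in seen_ips[user]:
                open_logins[key] = [ts, set()]
            seen_ips[user].add(ip)
        elif action in FOLLOW_UPS and key in open_logins:
            start, done = open_logins[key]
            if ts - start > window_s:
                del open_logins[key]  # too late to belong to this login
                continue
            done.add(action)
            if done == FOLLOW_UPS:
                alerts.append((user, ip, start))
                del open_logins[key]
    return alerts
```
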