If our network system is protected with two-factor authentication, is there still a risk of theft of user cred...
Absolutely. Two-factor authentication systems cannot protect your network from all evil. While they provide an extra layer of protection and help slow down attackers, they cannot stop intruders altogether.
Let's examine some ways hackers can bypass two-factor authentication systems and what you should do to prevent this from happening.
Just as a hacker can steal a single-factor device, both pieces of a two-factor system can be stolen as well. For example, a simple system might use a user ID and password with a one-time password (OTP) token that generates a new six- or eight-digit PIN every 60 seconds. Unlike a static password, which can be used at any time, the PIN changes so frequently that a malicious user could not break in with it after the allotted 60-second interval. However, both factors can still be stolen. Here's a possible scenario: Someone shoulder surfs and lifts a user's ID and password. They now have one piece of information. Then the same hapless user absent-mindedly leaves their token on their desk and steps away. The unscrupulous shoulder surfer now has both keys to the user's login. It's that simple.
Another way a two-factor system can be broken is by a man-in-the-middle (MITM) attack. This attack uses a proxy server that is set up maliciously between the user's workstation and the authenticating system. A hacker sits on the proxy in real time and grabs the credentials as they pass by. Once the information has been captured, the hacker can reset the static user ID and password, order a new OTP and take over the account going forward.
A two-factor system using a smart card and PIN could also be compromised if both pieces of the system are stolen. There are ways to pull data from chips embedded in smart cards. All the hacker has to do to complete the job is steal the PIN.
The point here isn't to throw out your brand new two-factor system; just make sure it's monitored, maintained, controlled, inventoried and logged for proper usage. Though they are less likely than a single-factor system breach, two-factor authentication breaches can happen.
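To make the 60-second OTP window and the logging advice concrete, here is an added example (not part of the original answer) of a server-side verifier that accepts each code once and records every outcome. It assumes the token follows RFC 6238 TOTP with HMAC-SHA1; the class, user name, secret and timestamps are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 60    # seconds per code, matching the 60-second token described above
DIGITS = 6   # six-digit PIN

def totp(secret: bytes, now: float, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step that contains `now`."""
    counter = struct.pack(">Q", int(now) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class OtpVerifier:
    """Hypothetical verifier: each time step authenticates at most once per user."""

    def __init__(self, secrets: dict):
        self.secrets = secrets
        self.last_step = {}   # user -> last time step that authenticated
        self.audit = []       # (time, user, outcome) records for monitoring

    def verify(self, user: str, code: str, now: float) -> bool:
        step = int(now) // STEP
        expected = totp(self.secrets[user], now)
        if not hmac.compare_digest(expected, code):
            outcome = "bad_code"   # wrong PIN, or a PIN from an expired window
        elif self.last_step.get(user, -1) >= step:
            outcome = "replay"     # correct PIN presented a second time
        else:
            self.last_step[user] = step
            outcome = "ok"
        self.audit.append((now, user, outcome))
        return outcome == "ok"

def demo():
    secret = b"12345678901234567890"   # constructed sample secret (RFC 4226 test key)
    verifier = OtpVerifier({"alice": secret})
    t = 10                             # constructed timestamp inside the first window
    code = totp(secret, t)
    first = verifier.verify("alice", code, t + 5)     # the user's own login
    replay = verifier.verify("alice", code, t + 20)   # same PIN again, same window
    late = verifier.verify("alice", code, t + 61)     # same PIN after the window
    return first, replay, late, [outcome for _, _, outcome in verifier.audit]
```

Single-use enforcement does not stop a proxy that relays the PIN before the user's own login completes; it ensures a captured PIN cannot be used a second time and leaves a `replay` record for monitoring to alert on.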