Strong Authentication Not Strong Enough


Strong Authentication Not Strong Enough

Cyber thieves are defeating two-factor authentication systems. Gartner recommends defense-in-depth

By Thomas Claburn
December 14, 2009 05:05 PM

Two-factor authentication — used to protect online bank accounts with both a password and a computer-generated one-time passcode — is supposed to be more secure than relying on a single password.

But Gartner Research VP Avivah Litan warns that cyber criminals have had success defeating two-factor authentication systems in Web browsing sessions using Trojan-based man-in-the-middle attacks.

A Gartner Research note written by Litan explains that in the past few months, Gartner has heard from many banks around the world that rely on one-time-password authentication systems. Accounts at these banks have been compromised by man-in-the-middle attacks — the report uses the term "man-in-the-browser" — despite the use of two-factor security.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: