Acceptto’s Principal Architect Fausto Oliveira shares his thoughts on the MFA and keeping your information safe on International Safer Internet Day in an interview with Security Week.
Multi-factor authentication provides an even bigger friction pain point than passwords without always providing any more security. Fausto Oliveira, principal security architect at Acceptto explains, “When users have to consult their Time-based One-time Password algorithm (TOTP) every single time they try to open a website, the temptation is to have the authenticator reside in the same device that is used to access the website. When that happens, the attacker only needs to take control of one device in order to gain access. The user is simply trying to minimize friction, have a better user experience, and is often unaware of the risk.”
Of course, if a tablet and a phone are carried in the same bag, a street attacker will get access to both devices simultaneously.
“On the other hand,” continued Oliveira, “if the authenticator is stored on a different device — as it should — the user has to authenticate to that device, open the authenticator and then type the new TOTP code. Unfortunately, doing this routine throughout the day causes a break in productivity and concentration. And a high effort attacker can find ways to defeat the TOTP by hijacking the browser, DNS entries and other similar techniques. Causing this much friction, the authenticator discourages the user which leads to unsecure habits.”
To read the full article visit Security Week.
Click here to more about Acceptto’s Continuous Cognitive Authentication Solution.