Security News > 2022 > October > 2FA is over. Long live 3FA!

In the past few months, we've seen an unprecedented number of identity theft attacks targeting accounts protected by two-factor authentication, challenging the perception that existing 2FA solutions provide adequate protection against identity theft attacks.

For over a decade now, implementing 2FA/MFA has been considered the best-practice solution organizations must implement against account hijacking attacks, whether those were based on phishing, brute force, password theft, or any other fraudulent way of obtaining login credentials.

An app push approval uses strong protocols to validate a one-time token, but an attacker using that validation in the right time window will still be able to take over the account.

With time being the only limiting factor, as motivation grew, attackers developed the technology and the practices to carry out those attacks in near real-time, allowing them to hijack accounts much the way they did before 2FA was implemented.

Hopefully, as the industry increases the adoption of these 3FA solutions, the vendors will allocate the resources needed to perfect them, making them the default way to go and challenging attackers to come up with new techniques.

It is now clear that implementing third-factor hardware/device-based verification is the only way for organizations to protect themselves from phishing and other account takeover attacks, and therefore 2FA is over.

News URL

https://www.helpnetsecurity.com/2022/10/11/2fa-is-over-long-live-3fa/