Leveraging MFA to Prevent the Wrath of Phishing Attacks
By Enterprise Security Magazine | Wednesday, March 20, 2019
Recently, Intuit’s TurboTax application became another victim of a data breach. Victims of this particular attack had their information like social security numbers, address, date of birth, driver’s license number, previous tax returns, and other personal data compromised. That’s enough data for someone’s identity to be stolen. But even if a company takes the right precautions to use new and elaborate passwords, many of them can still fall victim to phishing and another social engineering attack where they may be convinced to giveaway their user credentials. A company needs to dwell into what they can do to better protect their user credentials. The answer is multi-factor authentication.
But as change is difficult for adoption, some corporations such as banks are still stuck with two-step verification which may sound a lot like two-factor authentication. Typically, this security protocol is premised on sending an SMS. Reddit database breach happened because SMS was used as a form of multi-factor authentication. Thus, enterprises are looking into different solutions that protect their data. Security solution providers have replaced SMS with OTP since the volume of the smart devices has increased. For instance, India’s Central banker mandated the use of multi-factor authentication for all payment networks. The payment companies were required to send the OTP number to the customers. The most significant advantage of OTPs over static passwords is that enterprises are not vulnerable to “replay attacks.” Security providers have also introduced alphabets in the security process. Especially in the net banking space, alphabets corresponding with the numbers that a customer needs to enter are generated for each session to keep the process secure. Moreover, security providers are adding blockchain to strengthen the security layer. They are experimenting with facial recognition systems to enhance the security dimension.
Data breaches will continue to increase as enterprises today provide several opportunities like BYOD due to the expansion of coworking culture, which in turn increases the risks. The security risk is bound to increase with the emergence of the Internet of Things. Therefore, investments in security need to increase. Multi-factor authentication will shield the enterprises from the growing threat of the data breaches. After GDPR and PCI DSS, regulation and compliance are bound to expand; as a result, multi-factor authentication will continue to grow.
Check out: Top Multifactor Authentication Companies.