background image

Blog

Is 2FA Enough?

certification

At a time when hackers are devising newer ways to breach account and device sanctity, securing the digital domain has become imperative. While there are several ways to keep the attackers at bay, an additional layer in the form of two-factor authentication (2FA), also known as multi-factor authentication (MFA), can augment your digital security.

What is two-factor authentication (2FA)?

In simple terms, a factor is a method of convincing a computer system or an online service that you are who you claim you are so that the system can assess whether you have the necessary permissions to access the data and services. 

The username/password pair is the most prevalent authentication factor today, and because most accounts just require a password for access, most systems employ single-factor authentication. To gain access using two-factor authentication, you must both supply a password and establish your identity in some other way.

How does 2FA work?

Under 2FA, a user will first input their login and password. Then, instead of receiving quick access, they get a prompt to submit supporting information which is considered a second factor. This could be:

  • Knowledge or something you know:

    This could be a PIN, security questions or a unique typing pattern.

  • Possession or something you have:

    This could be something physical like a credit card, smartphone or USB drive.

  • Biology or something you have:

    This could be a fingerprint, voiceprint or even an iris scan.

Even if hackers crack your password, 2FA ensures that an account takeover is not easy. 2FA has shown resilience to automated assaults, making attempts to breach more difficult.

While there are many hacking groups keeping cybersecurity teams on their toes across the globe, a group going by the name DEV-0537 or LAPSUS$ has set new benchmarks in notoriety. DEV-0537 used two main approaches to fulfill MFA requirements - session token replay and employing stolen passwords to trigger simple-approval MFA requests, hoping that the genuine user of the breached account would eventually consent to the questions and give the required approval. DEV-0537 then follows up on its attacks by brazenly boasting about its exploits on social media. While a teen was arrested for masterminding high-profile attacks through LAPSUS$, the group’s methods have left the tech companies worried. Besides using social engineering tricks to con the staff of target firms, researchers claim DEV-0537 bribed employees (insider attack) into parting with MFA or 2FA credentials to breach the security perimeter.

Insider Threats Are Increasing

The instance of insider attacks has seen a surge, with a study pointing out that insiders were responsible for 60% of data breaches. Holding your data hostage through ransomware, either by breaching security or bribing an employee, is becoming increasingly popular in the corporate world.

The efficacy of this strategy makes it a preferred tool for both amateur hackers and major state-sponsored hacking organizations. Ransomware as a service is a way hackers try to profit through ransomware. This is comparable to a Cloud software subscription service, but here, the use of the software is aimed at making it simple for anybody to launch a ransomware assault.

Security training for employees

2FA is a great way to add an extra layer of security to your accounts, but it is not enough on its own. While 2FA can protect your organization from some of the more sophisticated attacks, it is not a cure-all. In order to mitigate all possible risks, you should ensure that your employees are fully trained in cybersecurity best practices and that they understand the importance of keeping their login information safe.

Conclusion

2FA is a great way to add an extra layer of security to your accounts, but it is not enough on its own. In order to keep your data safe, businesses can provide security training to employees and make sure they understand the importance of keeping their login information safe. Furthermore, businesses should consider using a multi-factor authentication solution that incorporates additional layers of security.

Packetlabs Services: AD Password Audit

Packetlabs also offers a comprehensive AD password audit, which includes a complete review of all company passwords. This review includes:

  • Overall risk level

  • Top used passwords

  • Top used base words

  • Character sets

  • Password length

  • Comparison of passwords against breach databases

  • Tailored recommendations

  • And more!

Contact us today to learn more about Packetlabs AD Password Audit.