Tofactor Authentication has been greeted as an important advance in network security, so we log in with confidence in sites like Gmail. Sites that once required an insecure password now need a complex password with another form of authentication from a mobile device, or implement other two-factor systems. But as with everything, two-factor authentication is not impenetrable to errors, and a new report from Amnesty International describes how hackers have been phishing two-factor codes.
Authentication with a two-factor system is two-step, as indicated by the name, and will typically involve asking a user to enter both a password and a code, either generated by or sent to a mobile device. This secure option actually helps prevent hackers from accessing user accounts if they have only accessed a factor, such as your password, if the webpage's data has been violated. But if you unknowingly give your two-factor code to a malicious person or a website, the system has been defeated.
The Amnesty International report found that hackers have begun to use an automated process that occurs during your first phishing password from a fraudulent website, so you send your password to Gmail, trigger a two-factor text message, and finally you've sent This message to the fake site.
Because some systems do not require a user to be authenticated to turn off the Two-factor, hackers can quickly get rid of your account. Even without having full control over an account, hackers can generate app-specific passwords, secondary passwords that can be used to access two-factor accounts without having to approve each time.
While the news is not a reason to free up two-factor systems you are currently hiring, we still recommend turning on two-factor authentication for websites offering it's proof that no security system is impenetrable.