eWeek:
Gartner points out where strong two-factor authentication is falling short when it comes to preventing fraud and online attacks.
Strong two-factor authentication is falling short, and businesses need to take notice, according to a report from Gartner.
In a new report, "Where Strong Authentication Fails and What You Can Do About It," Gartner analyst Avivah Litan contends that Trojan-based, man-in-the-browser attacks are circumventing strong two-factor authentication and proving that any authentication method that relies on browser communications can be defeated. This includes chip cards and biometric technologies.
“Fraudsters have been raiding user bank accounts that seemingly were protected by strong two-factor authentication, but any sensitive Web application is similarly vulnerable,” she wrote. “In some cases, the malware copies the user's ID, password and OTP, and immediately uses them. Other times, the malware overwrites user transactions with the crook's transactions, unbeknownst to the user or service provider, e.g., the online bank.” [Read the whole article]
posted by: gqpartner
