MFA is No Cure for Phishing

      Erich Kron
      Participant

      Last year my Twitter feed became full of stories and retweets about how Google “solved the phishing problem” using hardware multi-factor authentication (MFA) tokens. One such article covering this topic was “Google: Security Keys Neutralized Employee Phishing” by the venerable Brian Krebs. While I have a lot of respect for his work, I have to strongly disagree with the title of his blog post. If you haven’t already read the story, take a moment to familiarize yourself with it. I don’t want to be the one to crush your hopes and dreams, but, frankly, this is untrue.

      Before we get too far into this, I want to throw this out there and say that for the sake of this article, I use the term MFA loosely and as a synonym for 2-factor authentication (2FA). I will also mention that I am a fan of MFA and cover some information about MFA in a previous article I wrote for this column, “Credential Phishing – Easy Steps to Stymie Hackers”; however, it is not the cure for everything as some people seem to think. In my years doing sysadmin and information security work for the US Army and in the private sector, I have learned to appreciate the great things that MFA can do to secure systems and communications, something I have even covered in previous articles in this very column. I have also learned that it has its limitations as well. I want to go on record saying this: MFA does not solve the phishing epidemic.

      [See the full article at: MFA is No Cure for Phishing]


Copyright ©2020 Caendra, Inc.
