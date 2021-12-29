2FA Authentication has been presented to us as the best security barrier that we can establish to protect our accounts. This mechanism is based on sending a code to an authorized device that we must enter, in addition to the password. The vast majority of the services we use on a daily basis insist that we use it, however, it seems that 2FA Authentication is not that secure anymore.

This approach has been brought to the table by a study conducted at Stony Brook University in New York. It lists the risks that this security option faces today and in the future.

Hackers have made 2FA Authentication less secure

Brian Kondracki, Babak Amin Azad and Nick Nikiforakis from Stony Brook University in New York, along with Oleksii Starov from Palo Alto Networks are the authors of this study. Their purpose is to analyze and find tools aimed at Pishing and Man In The Middle attacks and in that sense, they managed to find around 1200 of them for sale on the Dark Web. However, one of the most dangerous points in this matter is the fact that they have functions capable of circumventing 2FA Authentication.

To achieve this, these tools provide the possibility of obtaining an element that may be more important than passwords, 2FA Authentication cookies. In order to get hold of cookies, attackers can infect the victim with malware to steal data or make a direct Man In The Middle attack. The latter means that the attacker will capture the cookies when they are being sent to the website.

Once you have the cookies, the hacker can make use of it for as long as it is available by logging into the account in question. In this way, 2FA Authentication no longer seems as secure as it has always been presented. Also, the fact that these tools are available on the Dark Web makes this matter look like a time bomb.

This represents a significant challenge for the times to come, considering that 2FA Authentication is not as secure and we require new mechanisms.