A new study suggests that two-factor authentication may not be the ultimate solution for protecting our online profiles.
Most modern websites and apps offer two-factor authentication (2FA) to protect their users' profiles. According to a new study, 2FA was one of the most promising safety tools, but it's not as powerful as previously thought. Attacks on two-factor authentication are more sophisticated and effective than they were before.
We need something better; it looks like facial recognition and biometric identification systems will probably replace 2FA at some point.
Palo Alto Networks and Stony Brook University have jointly developed a new machine learning process that hunts for man-in-the-middle threats.
The man-in-the-middle attack works like this: the hackers duplicate the website after capturing security cookies exchanged with users and obtaining necessary authentication information.
The research indicated that these fake sites have effectively avoided blocklists: among the identified threats, 47% of all domains had been previously banned, and only 19% of IP addresses were identified. Furthermore, these attacks can last for months while the unsuspecting user is just trying to browse their usual web pages.
The new protection method is expected to be 99% accurate, and it has already identified thousands of man-in-the-middle phishing websites.
The new defense mechanism is called PHOCA, which is Latin for the seal-like hunting method, a name given because of the sophisticated techniques this new defense tool uses.