Two-Factor Authentication - Hacking Techniques
Wright State recently made two-factor authentication mandatory for all faculty, staff, and students. This implementation improves our security posture, however as more and more companies implement this technology, hackers are developing methods to get by this security control.
There are currently two methods that are being used to get users to approve a fraudulent 2FA request. They are both similar in nature.
The first method floods a user with multiple 2FA requests in the hope the user will get frustrated and approve one of them.
The second method is subtler, in that the 2FA requests come in slowly over time. Again, the hope is the user will get frustrated and approve one of them.
It’s important to note that none of the above methods will work unless the user’s password has been obtained by the hacker. This emphasizes the need to protect our passwords.
If you experience any of the methods mentioned above, please immediately contact the CaTS Help Desk at 937-775-4827.