Hardware keys needed to beat phishing: researcher

From itnews.com.au

Free Modlishka 2FA stealing tool published.

Phishing attacks have become sophisticated enough in exploiting weaknesses in multi-factor authentication systems that researchers are recommending the use of hardware keys for additional login security.

Tools to bypass standard multi-factor authentication where login codes are sent out-of-band are now readily available, allowing for automated attacks against user accounts.

At the beginning of January, developer and security researcher Piotr Duszyński published his Modlishka(mantis) reverse proxy on Github, which can be used to bypass the majority of two-factor authentication (2FA) systems in conjunction with phishing attacks.

Read more…