“Anyone relying on two-factor authentication with a phone number who uses my company is vulnerable. It would take a determined attacker a day to get control of your number. All you’d notice was that your SIM stopped working. It would all be too late by the time you’d gotten a new one re-activated – and you’re still vulnerable.”
It is not that the two-step verification is a total failure, it really does make it difficult for hackers to cross this layer, but to be on the safe side, disable SMS for two-step verification and SMS for password resets. Instead use a two-step mobile app. It is necessary that you disable both, otherwise you are still vulnerable. And as Blakeman said, add a voice authorization code to your account and move all important accounts that allow password reset emails to a different address that does not contain your name.
Full Article
How Hackers bypassed Google’s Two-Factor Authentication
Userlevel 7
+52
Be the first to reply!
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.