Skip to Content.
Sympa Menu

assurance - RE: [Assurance] can two-factor be hacked ?

Subject: Assurance

List archive

RE: [Assurance] can two-factor be hacked ?


Chronological Thread 
  • From: Etan Weintraub <>
  • To: "" <>
  • Subject: RE: [Assurance] can two-factor be hacked ?
  • Date: Tue, 11 Mar 2014 15:09:06 +0000
  • Accept-language: en-US

Truthfully though, nothing will protect you from every vector of attack. The
main thing that a lot of people overlook is response time to closing a
vector. Part of that is knowing how the attack is coming in, the other part
is having tools to quickly block it and handle the fall out (i.e. resetting
passwords of users, notifying users, locking them until they go through some
advanced steps, etc.).

-Etan E. Weintraub
Sr. Systems Engineer
Directory Architecture
IT@Johns
Hopkins
Johns Hopkins at Mt. Washington
5801 Smith Ave.
Suite 3110B
Baltimore, MD 21209
Phone: 410-735-7945
E-mail:


-----Original Message-----
From:


[mailto:]
On Behalf Of Jones, Mark B
Sent: Tuesday, March 11, 2014 11:05 AM
To:

Subject: RE: [Assurance] can two-factor be hacked ?

Right. So, in summary, MFA is a good worthwhile defense, but will not
protect you from every vector of attack.

> -----Original Message-----
> From:
>
> [
> ]
> On Behalf Of Cantor, Scott
> Sent: Tuesday, March 11, 2014 9:34 AM
> To:
>
> Subject: Re: [Assurance] can two-factor be hacked ?
>
> On 3/11/14, 3:20 AM, "Jones, Mark B"
> <>
> wrote:
> >
> >As far as the original question. It seems to me that MFA is a good
> >defense.
>
> Then I think you misunderstand the question, it's the exact scenario where
> typical OTP approaches to MFA do not solve the problem. A MITM attack
> against all legs can simply steal and play the OTP to obtain a session.
> Normally it's done innocently as in this case, but it can be done as an
> attack.
>
> -- Scott



Archive powered by MHonArc 2.6.16.

Top of Page