Two New Tools Allow Hackers to Bypass Two-Factor Authentication

News 2fa Bypass Tools Featured

Being safe on the Internet is all about staying two steps ahead of hackers. Not too long ago we were encouraged to use two-factor authentication (2FA) as an extra layer of security over just using a password.

But now hackers have caught up to cybersecurity standards with two tools that are designed to bypass 2FA. Luckily, the cybersecurity team at Synopsys is providing us with details on how to keep our information safe from phishing attacks amidst the two new tools.

Bypassing 2FA

If you want to keep your data and information safe, you will have to continue to stay two steps ahead of the hackers. They are never going to rest until they have stolen your information, so you can’t stop either.

At the Hack in the Box conference in Amsterdam last month, a new hacking toolkit was presented. This included two new tools: Muraen and NecroBrowser. They are designed to automate phishing attacks that are intended to bypass 2FA.

Rehan Bashir, the managing security consultant at Synopsys, reports that this is yet another more sophisticated attack and that it is still based on phishing users. They’re still hoping for the same result — to get your information.

According to the 2018 Verizon Data Breach Incident Report, 98 percent of breaches occur during phishing attacks. Bashir notes this means “users are the weakest link when it comes to security.”

News 2fa Bypass Tools Hacker

However, Bashir suggests there are still ways to keep your information and data safe. He suggests following the “basic security practices” when reading emails and browsing the Internet.

“For example, be sensible when opening emails, do not click on shortened links in the emails or unsolicited text messages” that you may get on your phone. He also suggests always browsing using HTTPS and reading emails twice “to make a judgement if the content makes sense in the context” of the email that was received.

Aside from those basic practices, you should always do without fail, Bashir highly recommends using “USB-based 2FA for tighter security, as this new method cannot exploit 2FA based on Universal 2nd Factor (U2F) standard.//

Staying Safe

Again, there is never going to be just one method to follow to always keep your computing safe. Hackers are all around us. The only surefire way to not get your information stolen is to just stay off the Internet altogether. But that’s not much fun, is it?

While for right now using USB_based 2FA is the best way to keep your information safe, that’s not to say that will always be the case. But if you stay tuned to Make Teach Easier who will alert you to potential hazards and follow the advice of cybersecurity experts such as Synopsys, you’ll be able to stay those two steps ahead of hackers.

Do you use two-factor authentication Do these two new hacking tools that bypass 2FA alarm you? Let us know your thoughts on all this in the comments below.

4 comments

  1. “He also suggests ………… reading emails twice “to make a judgement if the content makes sense in the context” of the email that was received.”
    ??????????? If the email seems fishy before you open it the first time, WHY would you open it twice? Defies logic.

    1. You don’t have to open email twice to read it more than one time.

      1. The question still remains If the email seems fishy, why read it twice? Why not delete it before opening it for the first time?

  2. Would have liked more info on how the specified hacking toolkits actually get around 2FA, and on what USB based 2FA actually involves.

Leave a Comment

Yeah! You've decided to leave a comment. That's fantastic! Check out our comment policy here. Let's have a personal and meaningful conversation.