Even if a hacker accesses your password of a 2FA protected account, they will not be able to log in to your account without the 2FA codes. The point of all of this is to illustrate the need to ensure that we protect our user accounts since there is usually sensitive data stored in them that could be used against us if accessed by a hacker.ĢFA puts another barrier of defense, other than your password, between you and hackers. Hackers also get up to other malicious activities like accessing the sensitive information of governments. This year alone, some major breaches involving credit card information have occurred. With access to this information, hackers can then use it to go on shopping sprees. One of the most common goals of a cyber attack by hackers is to access users’ credit card information. Once they steal the login credentials data, the data dump is usually up for sale in the darker corners of the web. Well, the fact is that these days hackers are quite persistent in finding loopholes to steal user credentials. Many services won’t even let you sign up if you don’t create a strong password containing at least 6 characters which are a mix of lowercase and uppercase letters with symbols and numbers thrown in there as well.įor this reason, you might be wondering why it’s even necessary to go through the hassle of setting up 2FA. There are a few apps out there that can accommodate this.īefore we jump into reviewing these apps, let’s take a closer look at why 2FA is essential. I can also open Internet Explorer and Edge and get right into O365 without ever typing a password just by having a computer (without login password) and a locked iPhone.Instead of using an app, you can generate 2FA codes directly on your Windows 10 computer. Login without entering password since it is auto-filled. The user open a resource, like Outlook Online, just click Swipe the push on the users device (not uncommon to be on a desk inside the office)Ī user have the password auto-filled in their browser. Bad actor tries to open a resource, in my case through Visual Studio just click the already authenticated account (no password required).Ģ. Isn't this really insecure? This means a bad actor can access do multi-factor approval from a locked phone from a browser that is pre-authenticated.Ī user is logged in on Windows 10 with the Azure AD account in Windows. I noticed you can approve a request by swiping the push notification from a locked iPhone screen on iOS and approve a login request.
We're using the Microsoft Authenticator App for providing Multi-factor authentication (MFA) to resources protected by Azure AD.
0 kommentar(er)
