Two-factor Authentication is Broken. Let’s Fix it.
Customers expect you to protect them, and the brands that offer the highest levels of protection will build the highest levels of customer trust and loyalty.
But fraudsters move fast, as we’ve seen with the rapid rise of banking trojans—malware bots that infect a victim’s device and grant access to all their personal information, credit cards, and mobile banking apps. The rapid growth of FluBot, TeaBot, and most recently SharkBot, shows that criminals have latched on to another way to exploit SMS OTP vulnerabilities.
Companies need to move quickly to update their security measures to address these threats and rebuild trust with their customers. But first, it’s critical to understand how SMS-based 2FA gets exploited by fraudsters and why possession-based authentication itself can be dangerous.