If they were able to surreptitiously return the original key to you, you'd be none the wiser and open to persistent attacks. Then, so long as they also have your login credentials, they would be able to gain access to whichever accounts you've protected with it. This new vulnerability doesn't change that, because a hacker needs access to the physical key, but it shows that if a bad actor did manage to get ahold of your 2FA key, there are certain methods they could use to clone it. That prevents hackers from accessing your accounts who may have found the credentials online, or stolen them from you through phishing attempts. Using such a tool, authenticating into an account requires the username, password, and physical possession of the hardware key. Nothing is airtight - Two-factor authentication (2FA) security keys like Titan are considered the strongest form of online security. Researchers at security firm NinjaLab have identified a vulnerability in Google's Titan security key that makes it possible to clone it, opening up the possibility that a hacker could gain covert access to a victim's online accounts, entirely unbeknownst to them.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |