Online-Training: Two-factor authentication

Two-factor authentication protects your accounts from hacking attacks. But did you know that there are different flavours of two-factor authentication?  And that not every one of them offers the same level of protection? 

In this video we focus on these questions.  We explain the four most common types of two-factor authentication (2FA): U2F tokens, authenticator apps, authentication prompts, and SMS.  We explain how they protect you against hackers and how they work in background.  We also show how advanced phishing attacks might try to circumvent 2FA, and which 2FA method protects best against these attacks. 

 You can find the sources mentioned in the video sorted by time at the bottom of this page.

Sources in the Video

All Sources used in the video with timestamp

0:36 www.zdnet.com/article/nist-blog-clarifies-sms-deprecation-in-wake-of-media-tailspin/
0:45 landing.google.com/advancedprotection/
1:28 twofactorauth.org
3:04 fidoalliance.org/specifications/
5:27 developers.yubico.com/U2F/Protocol_details/Key_generation.html
6:56 www.welivesecurity.com/2019/06/17/malware-google-permissions-2fa-bypass/
6:67 seclists.org/fulldisclosure/2006/Oct/316
6:58 www.enisa.europa.eu/media/news-items/operation-black-tulip/view
7:12 security.googleblog.com/2019/05/titan-keys-update.html
7:18 www.wired.com/story/chrome-yubikey-phishing-webusb/
7:20 nakedsecurity.sophos.com/2019/05/17/google-recalls-titan-bluetooth-keys-after-finding-security-flaw/
9:07 tools.ietf.org/html/draft-mraihi-totp-timebased-08
9:12 play.google.com/store/apps/details
9:16 play.google.com/store/apps/details
10:16 www.scmagazineuk.com/icelands-largest-phishing-campaign-imitated-police/article/1496102
11:03 www.cnet.com/news/text-message-database-reportedly-leaked-password-resets/
12:15 twofactorauth.org
13:04 www.zdnet.com/article/nist-blog-clarifies-sms-deprecation-in-wake-of-media-tailspin/
13:15 arstechnica.com/information-technology/2015/03/mris-show-our-brains-shutting-down-when-we-see-security-prompts/
13:20 arstechnica.com/information-technology/2015/03/mris-show-our-brains-shutting-down-when-we-see-security-prompts/
15:42 landing.google.com/advancedprotection/
16:37 github.com/drk1wi/Modlishka
16:42 github.com/muraenateam/muraena
16:47 en.wikipedia.org/wiki/Reverse_proxy
17:54 www.kaspersky.com/blog/ss7-hacked/25529/
18:16 www.kaspersky.com/blog/ss7-hacked/25529/
18:35 www.ptsecurity.com/upload/ptcom/SS7-VULNERABILITY-2016-eng.pdf
18:44 www.thedailybeast.com/you-can-spy-like-the-nsa-for-a-few-thousand-bucks
19:11 www.bleepingcomputer.com/news/security/newer-diameter-telephony-protocol-just-as-vulnerable-as-ss7/
19:20 www.fbi.gov/contact-us/field-offices/sanfrancisco/news/press-releases/fbi-san-francisco-warns-the-public-of-the-dangers-of-sim-swapping
19:34 threatpost.com/new-banking-trojan-targets-android-steals-sms/110819/
19:46 cups.cs.cmu.edu/soups/2012/proceedings/a3_Felt.pdf
20:14 support.google.com/accounts/answer/185839
20:21 www.techradar.com/news/two-factor-authentication-vs-two-step-verification-youve-probably-missed-this-tiny-difference

to top