Roger Grimes, KnowBe4’s Data-Driven Defense Evangelist, has been writing about the topic of hacking 2FA and MFA for quite some time. And while it’s a good security practice, it is not unhackable. Think man in the middle and 11 other ways. (See Roger’s article in today’s blog below.) So is biometrics the holy grail? Likely, but there have been lots of hiccups along the way in using these systems in consumer tech, and quite a few stories about hacking consumer-level fingerprint and facial recognition.
The story in Motherboard Vice describes the "Vein Authentication" hack. Who knew those purple little tubes that carry blood back to your heart have their own unique signatures? Read how they did it here.
For more down-to-earth, real-world, common scenarios, I suggest you read Roger’s blog about MFA.
You Must Know What You’re Clicking On Even With MFA
By Roger Grimes, KnowBe4’s Data-driven Defense Evangelist. I’ve been in computer security for over 30 years and I’ve been giving presentations nearly as long. And in that time, no talk has been as popular as my 12 Ways to Hack MFA. I’ve given the presentation dozens of times to many thousands of viewers.