Skip to main content

J.P. Morgan caused by lack of two-factor authentication on one server

(0 comments)

This story is interesting because it shows that two-factor authentication would have (most likely) worked to prevent this devastating attack.  However, it also shows how hard it is for large organizations to actually implement security controls, especially given the use of third parties and  growing through acquisitions.

Most big banks use a double authentication scheme, known as two-factor authentication, which requires a second one-time password to gain access to a protected system. But JPMorgan’s security team had apparently neglected to upgrade one of its network servers with the dual password scheme, the people briefed on the matter said. That left the bank vulnerable to intrusion.

I suspect that in the coming year we will see a lot more automation and 'infrastructure as code' to help deal with this management issue.

Currently unrated

Comments

There are currently no comments

New Comment

required

required (not published)

optional

Recent Posts

Archive

2019
2018
2017
2016
2015
2014
2013
2012
2011
2010
2009
2008

Categories

Tags

Authors

Feeds

RSS / Atom