
Users: before you use two-factor authentication, make sure the admins do!


Dropbox is the latest internet-based service to suffer a mega-breach.  

Once again all the users are urged to use two-factor authentication to protect their accounts. 

But here's the problem:  if the privileged users and administrators of these services aren't using two-factor authentication, then it doesn't matter.

These mega-breaches of millions of passwords didn't happen because users were attacked -- the sites were breached. If the sites are breached again, it won't matter that users have two-factor authentication.

Take the recent OneLogin breach:

  • We subsequently discovered evidence that an unauthorized user gained access to this system by compromising a OneLogin employee’s password for that system.

OneLogin, a service that provides two-factor authentication, doesn't protect critical user data with two-factor authentication. Nor do they even list implementing two-factor authentication for privileged users as a post-attack remediation action!

This is why we say that urging users to adopt two-factor authentication feels like blaming the victim.  

 

 
