
Users: before you use two-factor authentication, make sure the admins do!

Dropbox is the latest internet-based service to suffer a mega-breach.  

Once again all the users are urged to use two-factor authentication to protect their accounts. 

But here's the problem:  if the privileged users and administrators of these services aren't using two-factor authentication, then it doesn't matter.

These mega-breaches of millions of passwords didn't happen because users were attacked -- the sites were breached. If the sites are breached again, it won't matter that users have two-factor authentication.

Take the recent Onelogin breach:

  • We subsequently discovered evidence that an unauthorized user gained access to this system by compromising a OneLogin employee’s password for that system.

OneLogin, a service that provides two-factor authentication, doesn't protect critical user data with two-factor authentication. Nor do they even list implementing two-factor authentication for privileged users as a post-attack remediation action!

This is why we say that urging users to adopt two-factor authentication feels like blaming the victim.  
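The practical follow-up to this argument is an audit of the service's own staff: which privileged or administrative accounts have not enrolled in two-factor authentication? The script below is an added example, not code from this post or from any of the services it mentions. It reads a constructed account export (the CSV layout, the role names in `PRIVILEGED_ROLES`, and the sample rows are all assumptions) and reports every privileged account without two-factor enrollment, plus an overall coverage figure that can be turned into a pass/fail gate.

```python
"""
Audit an account export for privileged users who have not enrolled in
two-factor authentication (2FA).

Added example. The CSV columns, the role names and the sample rows below
are assumptions for illustration, not the format of any real vendor export.
"""
import csv
import io
from dataclasses import dataclass

# Roles treated as privileged. Assumption: adjust to the directory's own names.
PRIVILEGED_ROLES = {"admin", "superadmin", "support", "security"}

# Constructed sample export: username, roles (';'-separated), mfa_enrolled.
SAMPLE_EXPORT = """username,roles,mfa_enrolled
alice,admin;support,true
bob,user,false
carol,superadmin,false
dave,user;security,true
erin,support,FALSE
"""


@dataclass(frozen=True)
class Finding:
    """One privileged account that is not protected by 2FA."""
    username: str
    privileged_roles: tuple


def parse_bool(value: str) -> bool:
    """Accept the usual spellings of 'true' found in exports (case-insensitive)."""
    return value.strip().lower() in {"true", "1", "yes", "y"}


def privileged_roles_of(row: dict) -> set:
    """Normalize the roles column and keep only the privileged ones."""
    roles = {r.strip().lower() for r in row["roles"].split(";") if r.strip()}
    return roles & PRIVILEGED_ROLES


def audit_privileged_mfa(export_text: str) -> list:
    """Return a Finding for each privileged account without 2FA enrollment."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        privileged = privileged_roles_of(row)
        if privileged and not parse_bool(row["mfa_enrolled"]):
            findings.append(Finding(row["username"], tuple(sorted(privileged))))
    return findings


def coverage_summary(export_text: str) -> tuple:
    """Return (privileged_accounts, privileged_accounts_with_2fa)."""
    total = enrolled = 0
    for row in csv.DictReader(io.StringIO(export_text)):
        if privileged_roles_of(row):
            total += 1
            if parse_bool(row["mfa_enrolled"]):
                enrolled += 1
    return total, enrolled


def policy_met(export_text: str) -> bool:
    """The only acceptable state for privileged accounts: 100% 2FA coverage."""
    total, enrolled = coverage_summary(export_text)
    return total == enrolled


if __name__ == "__main__":
    for f in audit_privileged_mfa(SAMPLE_EXPORT):
        print(f"NO 2FA: {f.username} (roles: {', '.join(f.privileged_roles)})")
    total, enrolled = coverage_summary(SAMPLE_EXPORT)
    print(f"privileged accounts with 2FA: {enrolled}/{total}")
    print("policy met" if policy_met(SAMPLE_EXPORT) else "policy NOT met")
```

The useful property is that `policy_met` is a hard boolean rather than a percentage: anything short of every privileged account enrolled is a failure, which is the standard the post argues the services themselves should be held to before they lecture their users.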
