The Reddit incident or how to move beyond 2FA

In mid-June, an attacker broke into a few of Reddit’s systems and managed to access some user data using compromised employee accounts. It could be another data breach, but it’s not. Why? The compromised accounts were protected by SMS-based 2FA. Is basic two-factor authentication no longer enough?

Authentication Phishing

Bypass Two-Factor Authentication using real-time phishing

For some time, websites that used 2FA reported a significant drop in phishing attacks. However, as soon as new security technologies emerge, new techniques arise to exploit them. Real-time phishing is a tactic that allows scammers to bypass 2FA. How do they do it?