Hacking Multifactor Authentication (eBook)
576 pages
John Wiley & Sons (publisher)
978-1-119-65080-5 (ISBN)
Multi-Factor Authentication (MFA) is spreading like wildfire across digital environments. However, hundreds of millions of dollars have been stolen from MFA-protected online accounts. How? Most people who use multifactor authentication (MFA) have been told that it is far less hackable than other types of authentication, or even that it is unhackable. You might be shocked to learn that all MFA solutions are actually easy to hack. That's right: there is no perfectly safe MFA solution. In fact, most can be hacked at least five different ways. Hacking Multifactor Authentication will show you how MFA works behind the scenes and how poorly linked multi-step authentication steps allow MFA to be hacked and compromised.
This book covers over two dozen ways that various MFA solutions can be hacked, including the methods (and defenses) common to all MFA solutions. You'll learn about the various types of MFA solutions, their strengths and weaknesses, and how to pick the best, most defensible MFA solution for your (or your customers') needs. Finally, this book reveals a simple method for quickly evaluating your existing MFA solutions. If using or developing a secure MFA solution is important to you, you need this book.
* Learn how different types of multifactor authentication work behind the scenes
* See how easy it is to hack MFA security solutions--no matter how secure they seem
* Identify the strengths and weaknesses in your (or your customers') existing MFA security and how to mitigate them
Author Roger Grimes is an internationally known security expert whose work on hacking MFA has generated significant buzz in the security world. Read this book to learn what decisions and preparations your organization needs to take to prevent losses from MFA hacking.
ROGER A. GRIMES is a computer security professional and penetration tester with over three decades of experience. He's an internationally renowned consultant and was the IDG/InfoWorld/CSO magazine weekly columnist for fifteen years. He's a sought-after speaker who has given talks at major security industry events, including RSA, Black Hat, and TechMentor.
Introduction
Who This Book Is For
What Is Covered in This Book?
MFA Is Good
How to Contact Wiley or the Author
PART I Introduction
1 Logon Problems
2 Authentication Basics
3 Types of Authentication
4 Usability vs Security
PART II Hacking MFA
5 Hacking MFA in General
6 Access Control Token Tricks
7 Endpoint Attacks
8 SMS Attacks
9 One-Time Password Attacks
10 Subject Hijack Attacks
11 Fake Authentication Attacks
12 Social Engineering Attacks
13 Downgrade/Recovery Attacks
14 Brute-Force Attacks
15 Buggy Software
16 Attacks Against Biometrics
17 Physical Attacks
18 DNS Hijacking
19 API Abuses
20 Miscellaneous MFA Hacks
21 Test: Can You Spot the Vulnerabilities?
PART III Looking Forward
22 Designing a Secure Solution
23 Selecting the Right MFA Solution
24 The Future of Authentication
25 Takeaway Lessons
Appendix: List of MFA Vendors
Index
Publication date (per publisher) | 28.9.2020 |
---|---|
Language | English |
Subject area | Computer Science ► Networks ► Security / Firewall |
Keywords | Computer Science • Hacking • Multi-factor authentication • Networking / Security • Network security |
ISBN-10 | 1-119-65080-1 / 1119650801 |
ISBN-13 | 978-1-119-65080-5 / 9781119650805 |
Size: 64.1 MB
Copy protection: Adobe DRM
Adobe DRM is a copy-protection scheme intended to protect the eBook from misuse. The eBook is authorized to your personal Adobe ID at download time. You can then read the eBook only on devices that are also registered to your Adobe ID.
File format: EPUB (Electronic Publication)
EPUB is an open standard for eBooks and is particularly well suited to displaying fiction and non-fiction. The body text adapts dynamically to the display and font size, so EPUB also works well on mobile reading devices.
System requirements:
PC/Mac: You can read this eBook on a PC or Mac. You need a
eReader: This eBook can be read on (almost) all eBook readers. It is not compatible with the Amazon Kindle, however.
Smartphone/Tablet: Whether Apple or Android, you can read this eBook. You need a
Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.