Author Topic: The Dark Side of 2FA/MFA  (Read 656 times)

Offline jpanhalt (Topic starter)

  • Super Contributor
  • ***
  • Posts: 4005
  • Country: us
The Dark Side of 2FA/MFA
« on: April 23, 2023, 10:11:42 am »
Very recently, I was on the AT&T site to open an account.  It was an HTTPS site and at sign-out, I got a pop-up offering a $15 rebate.  Turns out that was a scam.  It was possibly labeled "advertisement" inconspicuously.  I don't know.  The next pop-up was labeled advertisement and I exited, but probably too late.  I have also gotten such spontaneous offers from Amazon, but they seemed legitimate.

So the question is, as everything seems to be going to 2FA, what happens if you require 2FA in return?  That is, when some apparent big player calls you, before saying anything, require the caller to give a phone number that you can check and call back to give an access code.  How can the resulting impasse be avoided?

Case in point, just yesterday, I got a robocall from my medical insurance company that wanted me to enter my birthday before giving me some "critical medical information."  I hadn't thought it through at the time, and the call was probably legitimate, but the information given was hardly critical.
 

Offline mendip_discovery

  • Super Contributor
  • ***
  • Posts: 1024
  • Country: gb
Re: The Dark Side of 2FA/MFA
« Reply #1 on: April 23, 2023, 10:43:10 am »
Banks etc., in my opinion, have always failed to put in place a system to check they are who they say they are. They have called me before because of money I am spending and they ask for me to confirm who I am and seem irritated when I ask who they are.

It's worse if the scammers ring on a land line as the caller can keep the line open, so if you hang up and then try to dial your bank the bad people just wait and get you that way.

Going by the times YT types have been done via 2FA it just shows it's only a sticky plaster on a cut.
Motorcyclist, Nerd, and I work in a Calibration Lab :-)
--
So everyone is clear, Calibration = Taking Measurement against a known source, Verification = Checking Calibration against Specification, Adjustment = Adjusting the unit to be within specifications.
 

Offline Muttley Snickers

  • Supporter
  • ****
  • Posts: 2389
  • Country: au
  • Cursed: 679 times
Re: The Dark Side of 2FA/MFA
« Reply #2 on: April 23, 2023, 11:37:42 am »
Due to the infinite wisdom of Google, I've been locked out of my Google account which is linked to both my Gmail account and Youtube channel. I didn't do anything my end to lock myself out, Google made changes which have inadvertently locked me out of these accounts.   :o

The login pages keep asking for a recovery email which no longer exists and I didn't realise that anything would be affected when I switched ISP. It also asks for a recovery mobile number but none were ever required or given when I set up this account. I've been trying for days to access these accounts and it just keeps taking me around in circles.   ::)

Google is now just prompting me to create a new account but I didn't do anything to get bumped from my existing account. I'm at a loss and don't know of a way out of the situation that Google has created.   >:( 

 

Offline jpanhalt (Topic starter)

  • Super Contributor
  • ***
  • Posts: 4005
  • Country: us
Re: The Dark Side of 2FA/MFA
« Reply #3 on: April 23, 2023, 11:45:38 am »
"Keyboard failure, press F1 to continue..."
I had a similar problem with AT&T.   You need a mobile number to sign in, and it won't reveal your whole number until you sign in.  All I know is the area code and the last 4 digits.  The 3-digit exchange is shown only as asterisks.

Sadly, such is no surprise to me having worked with IT people for decades who viewed their jobs as running computers, not providing services to those who create the value that pays their salaries.
 

