IDG News Services announced yesterday that a new version of the Zeus trojan has surfaced that can capture user names, passwords and, as a new capability, one-time passcodes from tokens, and send them to a hacker via instant message. Tokens have been around for 20 years, so it is no surprise that this approach is now under pressure from modern threats on the Internet.
Tokens come in two variations: one whose code changes every 2 minutes and one whose code is valid until used. This new virus instant-messages the code to the hacker in real time, so even time-constrained tokens are easily compromised.
The need for a new generation of technology just got a lot more urgent. The new generation of solutions needs to be challenge- and session-specific, like SMS PASSCODE. Essentially, this new generation of solutions first validates a challenge in the shape of a user name and password. Once validated, the system generates a one-time passcode and sends it via SMS to the user's cell phone. That code is session-specific; in other words, it will only work for that specific login attempt and has no value to a hacker if captured. This is a more secure approach that protects against these modern threats on the Internet.
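The session binding described above, sketched as an added example (not SMS PASSCODE's code and not part of the original post): the passcode is stored against the login attempt that triggered it, so the same code submitted in any other session is rejected. The class name, the 6-digit length, the 120-second lifetime and the three-attempt limit are assumptions, and SMS delivery is left out.

```python
import hmac
import secrets
import time

class SessionOtpService:
    """Passcodes valid only for the login attempt that requested them."""

    def __init__(self, ttl_seconds=120, max_attempts=3):  # assumed limits
        self.ttl, self.max_attempts = ttl_seconds, max_attempts
        self._pending = {}  # session_id -> [code, expires_at, attempts_left]

    def start_login(self, password_ok, now=None):
        """Password step passed: open a session, return (session_id, sms_code)."""
        if not password_ok:
            return None
        now = time.time() if now is None else now
        session_id = secrets.token_urlsafe(16)
        code = f"{secrets.randbelow(10**6):06d}"  # 6 digits is an assumption
        self._pending[session_id] = [code, now + self.ttl, self.max_attempts]
        return session_id, code

    def verify(self, session_id, code, now=None):
        now = time.time() if now is None else now
        entry = self._pending.get(session_id)
        if entry is None:
            return False
        if now > entry[1]:
            del self._pending[session_id]  # expired
            return False
        if hmac.compare_digest(code.encode(), entry[0].encode()):
            del self._pending[session_id]  # single use
            return True
        entry[2] -= 1
        if entry[2] <= 0:
            del self._pending[session_id]  # too many wrong guesses
        return False


def demo():
    svc = SessionOtpService()
    sid_a, code_a = svc.start_login(True, now=0)
    while True:  # separate attempt; retry on a 1-in-10^6 code collision
        sid_b, code_b = svc.start_login(True, now=1)
        if code_b != code_a:
            break
    replayed = svc.verify(sid_b, code_a, now=2)  # code from A used in session B
    genuine = svc.verify(sid_a, code_a, now=3)
    reused = svc.verify(sid_a, code_a, now=4)
    return replayed, genuine, reused
```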
Learn more at: http://www.networkworld.com/
Learn more about SMS PASSCODE at www.smspasscode.com.