Posted by:
root
9 years, 6 months ago
Dropbox is the latest internet-based service to suffer a mega-breach.
Once again all the users are urged to use two-factor authentication to protect their accounts.
But here's the problem: if the privileged users and administrators of these services aren't using two-factor authentication, then it doesn't matter.
These mega-breaches of millions of passwords didn't happen because users were attacked -- the sites were breached. If the sites are breached again, it won't matter that users have two-factor authentication.
Take the recent OneLogin breach:
- We subsequently discovered evidence that an unauthorized user gained access to this system by compromising a OneLogin employee’s password for that system.
OneLogin, a service that provides two-factor authentication, doesn't protect critical user data with two-factor authentication. Nor do they even list implementing two-factor authentication for privileged users as a post-attack remediation action!
This is why we say that urging users to adopt two-factor authentication feels like blaming the victim.
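As an added illustration of the point above (example code written for this page, not code from Dropbox, OneLogin or the post's author), the snippet below shows the two controls the post argues for on the service side: an audit that flags privileged accounts with no second factor enrolled, and a login gate that refuses a privileged login unless a valid TOTP code (RFC 6238, HMAC-SHA1, 30-second step) is presented. The account records, role names and secrets are constructed for the example; the `Account` class and `login` function are hypothetical and stand in for whatever a real service uses.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Account:
    """Constructed account record for the example; real services differ."""
    username: str
    role: str                       # "admin" (privileged) or "user"
    totp_secret: Optional[bytes]    # None means no second factor enrolled


def audit_privileged_mfa(accounts: List[Account]) -> List[str]:
    """Return privileged accounts that have no second factor enrolled.

    This is the check the post says should be a remediation action:
    a compromised admin password alone must not be enough to get in.
    """
    return [a.username for a in accounts
            if a.role == "admin" and a.totp_secret is None]


def totp(secret: bytes, timestamp: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1 (RFC 4226 dynamic truncation)."""
    counter = timestamp // step
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def verify_totp(secret: bytes, code: str, timestamp: int, window: int = 1) -> bool:
    """Accept the code for the current step and +/- `window` steps of clock drift."""
    for drift in range(-window, window + 1):
        expected = totp(secret, timestamp + drift * 30)
        if hmac.compare_digest(expected, code):  # constant-time comparison
            return True
    return False


def login(account: Account, password_ok: bool, otp: Optional[str], now: int) -> str:
    """Gate a login: privileged accounts must present a verified second factor.

    A correct password is necessary for everyone; for admins it is never
    sufficient, which is exactly the property a leaked admin password breaks
    when only ordinary users are pushed to enrol.
    """
    if not password_ok:
        return "denied"
    if account.role == "admin":
        if account.totp_secret is None:
            return "denied: privileged account without 2FA enrolled"
        if otp is None or not verify_totp(account.totp_secret, otp, now):
            return "denied: second factor required"
    return "ok"


# Constructed sample inventory for the example.
SAMPLE_ACCOUNTS = [
    Account("alice", "admin", b"12345678901234567890"),  # RFC 6238 test secret
    Account("bob", "admin", None),                       # the gap the post describes
    Account("carol", "user", None),
]

if __name__ == "__main__":
    print("privileged accounts without 2FA:", audit_privileged_mfa(SAMPLE_ACCOUNTS))
    now = 59
    print("alice, good code:", login(SAMPLE_ACCOUNTS[0], True, totp(SAMPLE_ACCOUNTS[0].totp_secret, now), now))
    print("alice, no code:  ", login(SAMPLE_ACCOUNTS[0], True, None, now))
    print("bob, password only:", login(SAMPLE_ACCOUNTS[1], True, None, now))
```

The audit is the part worth running regularly: it is the list an incident responder would want to be empty before a breach, not after one. The TOTP secret used for `alice` is the published RFC 6238 test secret, so the generated codes can be checked against the RFC's own vectors.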
