Hackers managed to bypass the protection of the British Gimli

I thought authentication is a great step to enhance the security of the connection to the internet since its existence, instead of one password to log in to the account, like Gmail, you need to confirm the registration process to enter a secret code to the second variable, it is sent to your phone every time you try to login to a local account.

So the hacked website by the login data to the account of the protected interests of the bilateral relationship can not be disappeared from the login to the account unless it finds a way to get out on the authentication code the second, and here comes the story of the news of the day: Amnesty International reveals a breakthrough method hacker accounts Gmail local realm authentication.

According to a report of amnesty to pirate began to use the automated process starts with the password to a Gmail account via a phishing site, and then use it to login on Gmail account, what does the system credibility and binary send you a confirmation code, which the user is handed over to the backup location..

So hackers log in to the account of the victim, then they cancelled the system of authentication that in the case of Gimli does not require the process of confirmation from the user, then the hacker create application-specific passwords and password high for use in accessing the accounts that are used-factor authentication without the need to re-authenticate every time.

During 2017 and 2018, the hacker targeted thousands of accounts of Google and Yahoo in the Middle East and North Africa, according to Amnesty International, most of the target from the UAE, Egypt, Yemen, and Palestine.

Despite the fact that this news opens the discussion on how secure is authentication, but no doubt they way to safety is more effective than authentication normal password-fixed it is always advised to do.

I know of

Leave a Reply

Your email address will not be published. Required fields are marked *