Don’t be a 2-factor 'phushover'

Don’t be a 2-factor 'phushover'

So, what if I told you that I have observed, through security data, seeing upwards of 4% or more percent of your employees could be negating the value of MFA by accepting unsolicited push notifications – effectively allowing a malicious actor to bypass the controls offered by that second factor? Another aspect to push notification that provides an extra security perk is that the end user can detect and report on fraudulent unsolicited requests. How can we detect when someone implements an automation tool to always accept a 2FA push and/or help raise awareness for those users who are likely to accept unsolicited 2FA pushes? The answer is found in creating phushing awareness, or two-factor push phishing awareness. Create a positive awareness follow up to educate users and focus on getting them to report invalid pushes as fraudulent. Notify your security operations center and help desk before a phushing campaign, and space out the pushes so that there isn’t a huge impact on the help desk. While there are numerous options, the push Mobile out of band method is growing in popularity because it is generally more secure, more user friendly, and has feedback options for fraudulent reporting. Despite this, there remains vulnerability, thanks to clever folks who look to automate the push interaction and those users who simply accept unsolicited push requests. Fortunately, most MFA providers have the ability to integrate via API, which allows a security team to create a phushing tool that can send fake push notifications to their users to build awareness. This will give the security team the data needed to reduce the risk associated to push vulnerabilities.




Next Article

  • Is Empathy The Key to Healthcare Collections in 2022?

    Is Empathy The Key to Healthcare Collections in 2022?

    Moving into 2022, healthcare collections have the opportunity to connect with patients on a human level – treating the patient with humanity and empathy as is done within the four walls of the exam …

    Posted Apr 18, 2022 Healthcare

Did you find this useful?

Medigy Innovation Network

Connecting innovation decision makers to authoritative information, institutions, people and insights.

Medigy Logo

The latest News, Insights & Events

Medigy accurately delivers healthcare and technology information, news and insight from around the world.

The best products, services & solutions

Medigy surfaces the world's best crowdsourced health tech offerings with social interactions and peer reviews.


© 2024 Netspective Foundation, Inc. All Rights Reserved.

Built on Dec 24, 2024 at 4:05am