nDash.com is a content creation platform that provides brands and agencies with access to the world's top freelance writers.

Idea from Andrew Sanders

Andrew Sanders

Title

In IAM Fail, PayPal Let Attacker Bypass 2FA

Summary

Two-factor authentication is supposed to be the cornerstone of a good IAM strategy, but companies keep screwing it up. Text-message-based 2FA is already considered insecure, for example. Now, a security researcher has discovered another failure in the way that 2FA was implemented at PayPal. This article will run down the specific failure, and what other companies should take away from this.

Author

Andrew Sanders

Keywords

  • two-factor authentication
  • 2FA
  • IAM
  • Links

  • https://nakedsecurity.sophos.com/2016/10/28/paypal-2fa-bypass-how-did-that-get-past-testing/
  • https://www.wired.com/2016/06/hey-stop-using-texts-two-factor-authentication/