Hacking Multifactor Authentication

"A thoughtful demonstration that, like all security technologies, MFA is not a panacea."
?BRUCE SCHNEIER

"Roger provides example after example that there is no silver bullet computer security defense. MFA alone will not protect you against sophisticated adversaries. The real problems behind computer security involve people and making the appropriate risk decisions."
? KEVIN MITNICK

DISCOVER THE STRENGTHS AND WEAKNESSES OF MULTI-FACTOR AUTHENTICATION

So-called "experts" point to multifactor authentication (MFA) as the solution to most hacks and breaches. But, far from being the unhackable, off- the-shelf panacea they're widely touted to be, MFA systems require careful planning and design in order to be properly secured and not fall prey to the dozens of real-world MFA vulnerabilities Roger A. Grimes details in Hacking Multifactor Authentication.

Administrators and users of multifactor authentication systems will learn that all MFA systems can be hacked, most in at least five different ways. Anyone telling you MFA can't be hacked is either trying to sell you something or naïve. Either way, you'll want to avoid their advice.

You'll learn how to mitigate the most common MFA security loopholes to prevent bad actors from accessing your systems. Readers will learn to quickly and comprehensively evaluate their own MFA solutions to assess their vulnerability to the known hacking methods.

This book provides real-world example MFA hacks and the practical strategies to prevent them. Perfect for CISSPs, CIOs, CISOs, and penetration testers, Hacking Multifactor Authentication also belongs on the bookshelves of any information security professional interested in creating or improving their MFA security infrastructure. Learn:

• How MFA works behind the scenes and how to hack it
• The strengths and weaknesses of different MFA types
• How to develop or pick a more secure MFA solution
• How to select the best MFA for your environment out of the hundreds available