
Cyberattackers can now disable two-factor authentication: How to outsmart them?


Is Two-factor authentication (2FA) enough to secure access management?


“Make sure to enable and enforce two-factor authentication” has always been our best advice, and don’t get me wrong, it still is.

However, a few recent developments may have tipped the scales a bit in favour of cyberattackers.

In early July of 2020, amid the continued global adoption of remote work, the cybersecurity world was startled by a ‘novel’ incident that managed to turn off 2FA for a company called Amos WITHOUT actually going through the enabled 2FA step.

In other words: Attackers managed to make 2FA redundant, casting security doubts around its effectiveness.


Hacking 2FA – How did they do it?

Normally, when 2FA is enabled, any attempt to log in from an “unfamiliar device” requires additional verification (e.g. a code sent to your phone by text, an email confirmation, etc.). Without successfully passing that second step, access is denied.

However, there are TWO important factors to consider here:

1. Human error

Human error is the most common security failure scenario, and it is why we always emphasize the importance of having a cloud security tool in place to catch it when it happens.

✅ In this scenario, Amos used a service called ‘NoMachine’ to access virtual desktops remotely. The problem occurred when Mr. Amos, who used NoMachine to operate a macOS virtual desktop, saved his login information to Safari after logging in to his Google account from there, which he admits “shouldn’t have been done”.

2. Google’s Password Manager

Everyone loves password managers. They ‘delightfully’ save you from re-entering your passwords over and over, especially when you’re in a rush or can’t quite remember a password.

But here’s the catch: Disabling Google 2FA doesn’t need 2FA if you’re already logged in.

When Mr. Amos logged in, Google had cached a recent session token on his machine. Attackers were then able to re-use the cached password via Safari auto-fill, refresh the session token, and then disable 2FA on that account.
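The weak point described above is that a valid session token, refreshed with nothing more than an auto-filled password, was enough to switch 2FA off. The step-up policy below is an added example (not GAT Labs’ or Google’s code) of the defensive fix: a sensitive action such as disabling 2FA only succeeds if this session completed a second-factor challenge recently, so a token refreshed with a cached password alone is rejected. The session model, the five-minute freshness window and the action names are assumptions for illustration.

```python
# Added example (not GAT's or Google's code): step-up authentication that makes
# "disable 2FA" require a *fresh* second factor on the current session, so a
# cached or password-refreshed session token on its own is not enough.
from dataclasses import dataclass
from typing import Optional

STEP_UP_MAX_AGE = 5 * 60          # seconds a completed 2FA challenge stays "fresh" (assumed policy)
SENSITIVE_ACTIONS = {"disable_2fa", "change_recovery_email", "change_password"}  # assumed names

@dataclass
class Session:
    user: str
    token_issued_at: float            # when the current session token was minted
    last_2fa_at: Optional[float]      # when THIS session last passed a 2FA challenge

def login_with_password_and_2fa(user: str, now: float) -> Session:
    """Full login: password plus second factor; both timestamps start fresh."""
    return Session(user=user, token_issued_at=now, last_2fa_at=now)

def refresh_with_cached_password(session: Session, now: float) -> Session:
    """Token refresh using only a (cached / auto-filled) password.
    It renews the token but deliberately does NOT count as a new 2FA challenge."""
    return Session(user=session.user, token_issued_at=now, last_2fa_at=session.last_2fa_at)

def complete_2fa_challenge(session: Session, now: float) -> Session:
    """The user re-proves the second factor; only this refreshes last_2fa_at."""
    return Session(user=session.user, token_issued_at=session.token_issued_at, last_2fa_at=now)

def authorize(session: Session, action: str, now: float) -> tuple[bool, str]:
    """Routine actions ride on the session token; sensitive ones need a recent 2FA."""
    if action not in SENSITIVE_ACTIONS:
        return True, "allowed: routine action"
    if session.last_2fa_at is None:
        return False, "denied: session never completed 2FA"
    age = now - session.last_2fa_at
    if age > STEP_UP_MAX_AGE:
        return False, f"denied: last 2FA was {int(age)}s ago, step-up required"
    return True, "allowed: fresh 2FA on this session"

if __name__ == "__main__":
    t0 = 0.0
    s = login_with_password_and_2fa("user", t0)
    # Six hours later the token is refreshed with the auto-filled password only.
    s_refreshed = refresh_with_cached_password(s, t0 + 6 * 3600)
    print(authorize(s_refreshed, "disable_2fa", t0 + 6 * 3600 + 1))   # denied, step-up required
    # The legitimate user re-enters the second factor and then succeeds.
    s_stepped = complete_2fa_challenge(s_refreshed, t0 + 6 * 3600 + 30)
    print(authorize(s_stepped, "disable_2fa", t0 + 6 * 3600 + 31))    # allowed
```

The key design point is that `refresh_with_cached_password` never touches `last_2fa_at`: a refreshed token proves possession of the password, not of the second factor.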


Two-factor Authentication VS Constant User Identity Verification

So how do you outsmart attackers even when human error plays its part?

Simple: by making identity verification constant rather than a single event at login, using Zero Trust security.

That way, even if attackers manage to get in, the constant verification mechanism will detect the impostor right away and kick them out of the session.

How it works:

Constant identity verification acts as a third authentication factor (3FA) that keeps working in the background throughout the entire session, confirming the user’s identity for as long as they are logged in.

GAT’s ActiveID – Zero Trust 3FA

GAT’s ActiveID is the perfect example to explain how constant identity verification works.

ActiveID continuously learns and monitors the unique typing style of each user, actively verifying that the person behind the keyboard is in fact the user who is logged in, at all times, in Google Chrome.

If an impostor is detected, a whole range of corrective actions can be taken, from alerting an Admin or Security Officer with a webcam shot of the ‘impostor’ to logging out the user.

Configure GAT Shield with ActiveID and it will instantly start learning who each user is, building a unique mathematical model per user and using AI to process the live typing stream, monitoring and learning simultaneously.
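To make the mechanism concrete, here is an added example (not ActiveID’s code) of continuous verification built on inter-key timing: it enrols a typing profile from a user’s own keystroke intervals, then watches a sliding window of live intervals and raises a corrective action once the rhythm stops matching. The model (mean and standard deviation of intervals, a 3-sigma band, a four-keystroke window) and the sample timings are constructed for illustration; a production system would use a far richer feature set.

```python
# Added example (not GAT's ActiveID code): a minimal continuous-verification
# monitor on inter-key timing. Enrolment builds a profile; live keystrokes are
# then checked window by window against that profile for the whole session.
import statistics
from collections import deque
from typing import Optional

class TypingVerifier:
    def __init__(self, enrollment_ms, window=4, band_sigma=3.0, max_out_of_band=0.5):
        # Profile: mean and population stdev of inter-key intervals (ms) seen at enrolment.
        self.mean = statistics.fmean(enrollment_ms)
        self.stdev = statistics.pstdev(enrollment_ms) or 1.0
        self.lo = self.mean - band_sigma * self.stdev
        self.hi = self.mean + band_sigma * self.stdev
        self.window = deque(maxlen=window)
        self.max_out_of_band = max_out_of_band   # fraction of a window allowed outside the band

    def in_band(self, interval_ms: float) -> bool:
        return self.lo <= interval_ms <= self.hi

    def observe(self, interval_ms: float) -> Optional[str]:
        """Feed one live inter-key interval. Returns a corrective action when the
        current window no longer looks like the enrolled user, otherwise None."""
        self.window.append(interval_ms)
        if len(self.window) < self.window.maxlen:
            return None                           # not enough evidence yet
        outliers = sum(1 for x in self.window if not self.in_band(x))
        if outliers / len(self.window) >= self.max_out_of_band:
            return "alert_admin_and_logout"       # hypothetical action name
        return None

def first_alert(enrollment_ms, live_ms, **kw) -> Optional[int]:
    """Index of the live keystroke at which the monitor first acts, or None if it never does."""
    verifier = TypingVerifier(enrollment_ms, **kw)
    for i, interval in enumerate(live_ms):
        if verifier.observe(interval) is not None:
            return i
    return None

# Constructed sample data (milliseconds between keystrokes), not real telemetry.
ENROLLMENT = [110, 125, 118, 130, 122, 115, 128, 120, 124, 119, 112, 127]
LEGIT_SESSION = [121, 117, 126, 119, 123, 114, 129, 120]
# Same session after a slower-typing impostor takes over at the 4th keystroke.
HIJACKED_SESSION = [121, 118, 124, 245, 258, 250, 263, 249]

if __name__ == "__main__":
    print(first_alert(ENROLLMENT, LEGIT_SESSION))     # None: rhythm matches throughout
    print(first_alert(ENROLLMENT, HIJACKED_SESSION))  # 4: flagged two keystrokes into the takeover
```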


In Conclusion

Two-factor authentication remains an important security step and is certainly better than using a username and password alone.

However, as cybercriminals continue to find ways around traditional authentication methods, Zero Trust solutions that offer constant identity verification are becoming the more popular cloud security choice, especially for securing remote work.

To learn more about GAT’s ActiveID click here, or better yet, book a FREE Demo and have a GAT expert showcase the product to you in detail.
