When was the last time you provided your mother’s maiden name to prove your identity to access an online account? Probably not that long ago. This type of online identity verification, known as knowledge-based authentication, is little more than a speed bump to the modern fraudster. More modern methods, such as SMS-based two-factor authentication, also have their own set of vulnerabilities that today's cybercriminals can exploit.
Simple social media searches can reveal the answers to supposed secret questions used by KBA solutions, and the 4- and 6-digit codes from SMS-based 2FA can be intercepted. Because cybercrime and the dark web have evolved and become far more sophisticated, traditional forms of authentication that were once effective can no longer reliably ensure that the person logging into their online account is the actual account owner. |
