Rise of Token Theft: Securing Your Business with Phishing-Resistant Authentication

Approx. Reading Time: 2 minutes

With the Internet Archive experiencing its second breach in just a few weeks, it highlights the urgency of certain critical topics not being discussed enough. The first major question to address is, after an initial breach has occurred, what should we do to prevent a second breach? The questions often asked are what and how authentication tokens are stolen and how we can prevent it from happening to us.

Authentication Tokens

Authentication tokens are part of Multi-Factor Authentication (MFA). They are generally cookies that allow you to log in without needing to authenticate at each logging. The lifecycle of these tokens is generally between 14 and 30 days. However, authentication tokens are vulnerable to theft.

How Are Tokens Stolen?

As MFA usage has become more mainstream, threat actors have evolved in their tactics and methods. These actors discovered that if they could secure a copy of the authentication token, they could bypass MFA while that token remained valid.

It all starts with a phishing email and a malicious link for the user to click on. Once clicked, the fake link directs the user to a proxy website, redirecting them to a legitimate login page such as portal.office.com.

As the user enters their credentials to authenticate the MFA token, the user will be sent to verify the login. This is where the proxy website hiding in the middle will see the token and take a copy of it.

Phishing-Resistant Authentication

From here, the threat actor can gain access to the account to undertake various activities that often go unnoticed. This is because many think enabling MFA makes it impossible for threat actors to log in. However, this is not always the case.

How do we stop it from happening?

As threat actors evolve to compromise older security controls, so, too, should the security recommendations evolve. MFA authentication methods such as SMS, phone calls, and emails are no longer recommended and should be removed as an available option for users. However, stolen tokens affect the current industry-recommended options such as authenticator apps (Microsoft Authenticator, DUO, Google Authenticator, etc.). The answer to token theft is Phishing-resistant authentication.

Phishing resistant Authentication

Phishing-resistant authentication is a small number of options that leverage physical hardware as part of its authentication. The MFA token authentication will fail without the physical hardware, and the hardware cannot be faked. At present, several options exist in this space, including the following:

  • FIDO2
    • A physical USB-type key, such as a Yubikey.
  • Passkey
    • This is a managed mobile device setup that acts as a hardware key.
  • Windows Hello
    • It’s similar to a passkey but machine-based.

Each solution has pros, cons, and potential costs; thus, it is important to understand what options are best for you and your business.

At Netier, security is our core and our passion. Security starts with a conversation, not a checklist. As threats evolve, we regularly audit and improve security controls to meet them, ensuring that our clients remain secure today and into the future.

When did your security provider last check that your controls could meet the current threat landscape? 


Netier can help keep your business safe

Discover how phishing-resistant authentication can keep your business safe. Visit our Cyber Security page, and let’s strengthen your defences together.

Author
Derek Ingram

About the author

Search

Resources

Bouncing back from a cyber attack: Building resilience for a growing business

Services

Netier Managed Services

Managed IT Services

Related blogs

The Cyber Security Bill 2024: What Australian Businesses Need to Know

Secure Your SME with Expert IT Compliance & Information Security Solutions

Stay Local, Stay Connected: Benefits of Choosing Managed IT Services in Canberra

Categories