How Laziness Got Uber Hacked
These days it seems like every time you turn around there’s another data breach in the news. In September, ride-sharing service Uber was the latest victim of a hack that exposed the personal information of millions of users. And while Uber has been quick to downplay the incident, saying that no financial information was accessed and that they “take these types of incidents very seriously,” it’s still a major concern for users who are worried about their privacy.
What is MFA Fatigue?
What many people don’t realize is that data breaches like this one are often the result of something called “multi-factor authentication fatigue.” In Uber's case, the contractor was asked repeatedly if he was trying to log in and said "no," but was then bombarded with many more MFA (multi-factor authentication) notifications until he eventually said yes.
LastPass, the password management system, had a similar breach several months ago, where a hacker posed as a developer after repeatedly asking for MFA access. Attacks like this are becoming increasingly common as security becomes more complex.
It should be noted that MFA is a huge advancement in online security, with many enterprises adopting MFA or two-factor authentication (2FA). In theory, it is beneficial for businesses to have, but more employee education and a secure blockchain-based system are necessary to ensure these situations do not happen and compromise valuable data.
MFA spammers rely on your "annoyance" with the MFA system and continually bombard you with notifications until you give in and accept. Many people assume there's a glitch in the system, or their notifications are being weird, and just hit "OK" to silence them.
"MFA fatigue poses a serious threat to organizations because it is a fairly trivial way for a patient attacker to gain access to private company resources," Stephanie Aceves, senior director of products management at Tanium, told The Register, noting that it targets the most significant risk to enterprises – people who can be manipulated.
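One way to spot the prompt-bombing pattern described above in authentication logs, shown as an added example that is not from the original article: flag any user who rejects or ignores several push prompts in a short window, and escalate if an approval follows. The log format, user names, 10-minute window and threshold of 3 are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not real incident data): time, user, push result.
SAMPLE_LOG = """\
2024-01-01T01:00:05 contractor1 denied
2024-01-01T01:01:10 contractor1 denied
2024-01-01T01:02:30 contractor1 timeout
2024-01-01T01:03:15 contractor1 denied
2024-01-01T01:04:40 contractor1 approved
2024-01-01T09:00:00 alice approved
2024-01-01T09:30:00 bob denied
2024-01-01T17:45:00 bob approved
"""

def parse(log_text):
    """Yield (timestamp, user, result) from 'ISO-time user result' lines."""
    for line in log_text.splitlines():
        if line.strip():
            ts, user, result = line.split()
            yield datetime.fromisoformat(ts), user, result

def detect_push_fatigue(events, window=timedelta(minutes=10), threshold=3):
    """Alert when a user has `threshold` rejected/ignored pushes inside
    `window`, and again if an approval lands on top of such a burst."""
    recent = defaultdict(deque)  # user -> times of recent non-approved pushes
    alerts = []
    for ts, user, result in sorted(events):
        q = recent[user]
        while q and ts - q[0] > window:  # drop prompts older than the window
            q.popleft()
        if result == "approved":
            if len(q) >= threshold:
                # The user gave in after repeated prompts: review this session.
                alerts.append((user, ts, len(q), "approved_after_burst"))
            q.clear()
        else:
            q.append(ts)
            if len(q) == threshold:
                # Early warning, raised before anyone has accepted a prompt.
                alerts.append((user, ts, len(q), "burst_in_progress"))
    return alerts

if __name__ == "__main__":
    for alert in detect_push_fatigue(parse(SAMPLE_LOG)):
        print(alert)
```

The early "burst_in_progress" alert gives a responder time to contact the user or suspend push approvals for that account before a prompt is accepted.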
How MFA Hackers Win
These hackers and spammers rely on our laziness to hack businesses and steal client identities and information.
As a society, we want things done as quickly as possible, with as few clicks as possible.
Do you quickly "Accept All Cookies" without reading the fine print?
Do you hit "Ignore" when Google tells you you have 187 similar passwords?
Many of us don't want to input our credit card number every time we purchase something; we want it saved in our phone so we don't have to get off the couch. (Guilty!)
So how do we combat the ever-continuing struggle of laziness and manipulation while still wanting the best security for our information? How do businesses ensure their client information stays where it should be?
Enter BlockCerts. Not only can individuals download the BCERTin wallet, a digital wallet to keep their passwords and private keys secure, but businesses can also use WorkCERTin, a blockchain-based platform to collaborate with clients, employees and more.
Digital Wallets > Laziness
What does a digital wallet do? Digital wallets store passwords and keys to your information off the internet, meaning that if you were the victim of a data breach and your information was stored in a digital wallet, it wouldn't be accessible.
BCERTin Wallet by BlockCerts not only stores passwords, it also comes with a set of amazing tools powered by tokens to manage your business & life with unlimited cloud access. You can find credit card information, passwords and more without ever having to leave your couch.
No longer can we use laziness as an excuse for security breaches when the BCERTin wallet makes being responsible a breeze.
How Businesses Can Combat MFA
In the instance of a business, WorkCERTin allows you to securely share documents and communicate with clients without fear of hackers infiltrating your information.
BlockCerts also offers MFA within their platform, ensuring that even if one factor is compromised, the others will still keep your information safe. WorkCERTin includes MFA, but in a more secure and efficient manner.
Instead of getting bombarded with notifications every time you log in, WorkCERTin allows for a secure login using multiple factors that are not easily manipulated by hackers or spammers.
Multi-factor authentication fatigue is real and it’s becoming increasingly common as we try to juggle multiple apps and services in our busy lives. But by taking some simple precautions, like downloading the BCERTin Wallet and using WorkCERTin, you can help protect yourself and your company from becoming a victim of a data breach.
Download the BCERTin wallet for desktop here
Download the BCERTin wallet in the app store here
Learn more about how WorkCERTin can secure your business here