Testing Two-Factor Authentication

More and more applications we test are implementing some form of two-factor authentication (2FA, sometimes known as multi-factor authentication or MFA). This post provides a whirlwind tour of common 2FA mechanisms and detailed information on testing them. How does 2FA Work? The general concept behind two-factor authentication is the pairing of two different types of … Continue reading Testing Two-Factor Authentication

Work daily with enforced MFA-protected API access

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. Work daily with enforced MFA-protected API access 03 Apr 2015 - Loïc Simon AWS Security Token Service The AWS Security Token Service (STS) is the gateway used to create sessions when MFA-protected API access … Continue reading Work daily with enforced MFA-protected API access

Use and enforce Multi-Factor Authentication

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity, and can be downloaded below. Use and enforce Multi-Factor Authentication 02 Apr 2015 - Loïc Simon What is Multi-Factor Authentication? When enabled, Multi-Factor Authentication (MFA) provides strong defense-in-depth against compromises of credentials. MFA-enabled users … Continue reading Use and enforce Multi-Factor Authentication