
Google flaw exposes weakness in two-factor authentication

Antone Gonsalves | Feb. 28, 2013
Google tightened its two-factor security, but Duo Security recommends it restrict more privileges of individual application-specific passwords

"In addition, thick-client applications, the primary consumer of ASPs, are rather notorious for poor SSL certificate verification, potentially allowing ASPs to be captured on the wire via MITM [man-in-the-middle] attacks," Goodman said.

While Google's fix tightened its two-factor security process, Duo Security recommended it go further and restrict as much as possible the privileges of individual ASPs.

However, given Google's complex environment, ASPs will likely always have access to more than one service. "With two-factor authentication, it's difficult to get it right," Oberheide said. "Even Google, with all its wisdom and skill, can make mistakes."
