Cybercriminals' aggressive targeting of smartphones is weakening the crux of many organizations' security procedures: text-based, multifactor authentication.
MFA is a process that requires people to provide a second form of identification besides a password. A popular example is having a code texted to your phone.last year from S&P Global, commissioned by security tool provider Yubico, that their company's IT staff and network administrators used text messages for MFA.or by sending phishing emails directing people to fake login pages that collect their one-time codes.
And there's little to nothing that can be done to stop hackers from targeting phones and getting better at persuading victims to give into demands, says Angel Grant, vice president of security at F5.In the absence of a good solution to stop phishing and spam texts, security experts have been pushing organizations to pursue more device-specific solutions., which are essentially USBs that users tap to their device to verify their identity.