JP Morgan Breach Tied To Two-Factor Authentication Slip
itwbennett writes: The attackers who stole information about 83 million JPMorgan Chase customers earlier this year gained a foothold on the company's network because a server reportedly lacked two-factor authentication, despite the company's practice of using two-factor authentication on most of its systems. The story, reported in the New York Times, echoes the warnings of security experts over the years that the breach of a single server or employee computer can put an entire network at risk.
Do you understand that using a single RSA style dongle for multiple places is a huge risk?
If you have an infinite number of systems to log into, how many dongles is optimal, and how do you keep track of which dongle to use with which system? Where do I keep these dongles? My pocket is already uncomfortably full with a keyring with 4 keys and a fob on it. My other pocket has a smart phone.
Google Authenticator is based on an open protocol. I can use Google's app, Amazon's, a number of various third parties, both open source and commercial, available on the store/repo.
Server-side, I can use the protocol on most Linux distros, there are ways to use it with Windows, even ESXi nodes can have this added in as protection.
Yes, it might be Google code, but it is open source.
Now, RSA's SecurID is a different beast. It is a closed source system, with special servers and seed codes required. Its advantage is that it is time tested, virtually everything supports it (MS has had hooks for ACE servers since Windows Server 2000), and it has the FIPS/Common Criteria/etc. certifications which help when audit time comes around. However, it doesn't come cheap.
I will differ there. The general population may not trust banks on one level, but they will keep their money in them. If the population truly didn't trust banks, precious metal prices would be spiking, and various ways of securing physical assets would be hawked from every street corner; the more amusing will be the ones saying "just store your stash with me".
The population gripes about banks, but when the rubber meets the road, the money still gets deposited in the checking account come payday.