Virtualization Technology News and Information
Surfshark introduces two-factor authentication (2FA) to level up user security and prevent credential stuffing
Seeking to secure its users from increasingly prevalent credential stuffing cases, privacy protection company Surfshark introduced two-factor authentication (2FA) as a new security measure for password verification. With two-step authentication enabled, any attempt to log in to a VPN service will be accompanied by a six-digit passcode. Surfshark is the first VPN provider to offer 2FA as an optional feature, which decreases the likelihood that the user's password will be guessed using automatic tools. 

"The vast majority of recent breaches that made headlines are password-related. Every week thousands of leaked user IDs and passwords enter the dark web. Advanced hackers use software that can generate as many as 8 million password guesses a second. It takes up to a few minutes to crack an obscure and complex password that is made up of several different types of characters," explains Naomi Hodges, a cybersecurity expert at Surfshark. "Additional security methods such as 2FA help users protect their accounts from this kind of brute-forcing attacks."

An old attack method - brute-forcing - is still effective and popular with hackers as it requires little effort to perform. In a standard attack, a malicious agent chooses a target and runs possible passwords against that username, often using unabridged dictionaries and augmented words. 

"A trend of reusing the same passwords for different services and adopting poor security habits points to a broader problem - having an optimistic mindset that our credentials are not worth hacking. However, attacks such as credential stuffing take advantage of reused credentials, thus every password is a valuable asset," says Naomi Hodges. 

According to a Shape Security report, over 90% of login traffic comes from credential stuffing. A hacker uses leaked credentials from one site to gain unauthorized access to user accounts through large-scale automated login requests. It's even more dangerous than blind brute-forcing, where hackers try to take over accounts without having such a relatively precise context. 

Cybercriminals find matches between leaked credentials and accounts 0.1 to 2 percent of the time. However, once an account is compromised, the attacker can steal all information or illegally resell access to the platform to other people. 

"Last year, we launched HackLock, which operates as a breach detection mechanism to alert our users about leaks of their credentials such as email and passwords, prompting them to take the necessary security measures. Our user security remains one of the key things that we are working on to keep improving in 2020," says Naomi Hodges. 

Published Wednesday, February 26, 2020 9:30 AM by David Marshall
Filed under:
Surfshark upgrades its infrastructure to 100% RAM-only server solution : @VMblog - (Author's Link) - July 17, 2020 8:02 AM
Surfshark upgrades its infrastructure to 100% RAM-only server solution - (Author's Link) - July 19, 2020 1:53 PM
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<February 2020>