How Threat Actors Bypass 2FA and What Preventative Steps You Can Take

Two-factor authentication (2FA, or MFA) is a security layer designed to verify the identity of those logging in to accounts. 2FA aims to authenticate users by sending a code to the person attempting to log in, but that doesn’t mean it’s an impervious cybersecurity layer.

Threat actors understand that certain tactics allow them to bypass two-factor authentication, including SIM card swapping and browser cookie theft. In fact, even Microsoft 365 and Gmail have been susceptible to threat actors bypassing 2FA codes and accessing different accounts.

Here are some ways threat actors can bypass 2FA on cell phones and some quick tips for mitigating 2FA cyber threats.


3 Ways Threat Actors Bypass Cell Phone 2FA

1. SIM Card Swapping

When threat actors try to bypass multifactor authentication, they seek to gain access to the code sent to phones. SIM jacking is one popular method threat actors use to get their hands on these codes.

SIM jacking is when a threat actor hijacks a SIM card and poses as the owner associated with the SIM card.

This method applies to digital SIM cards, not just physical ones. If a threat actor can convince a mobile phone carrier to add the hijacked number to their own phone, they can access everything the original owner was able to access, including the one-time password messages during MFA.

What You Can Do

Try to use non-SMS multifactor authentication, such as Google Authenticator, so that the code is not sent to your phone number.

2. 2FA Code Access

Social Engineering and Phishing

Social engineering and phishing are not new hacking techniques, and the same methodologies threat actors use to gain access to an organization’s login credentials or data are used to gain access to 2FA codes as well.

This may occur as email or text phishing or even voice phishing (vishing). The threat actor may pose as a trustworthy or authoritative figure, such as a phone carrier, asking for the mobile code that’s been sent to your phone. 

Reset Password Tactic

One common code-access tactic threat actors use is to “reset” passwords for their target. Surprisingly, there are many websites that don’t have a second layer of verification for their 2FA reset password process, or they offer MFA but do not require users to use it.

A threat actor can simply ask for a new password and have the new password sent to their own email or phone number. Without a second verification layer to the 2FA, the threat actor can directly access the account after providing the 2FA code.

What You Can Do

Pay attention to any reset password emails or messages and ensure the MFA process has a second verification layer of security.

3. Session Cookie Theft

Another common MFA bypassing technique used by threat actors is to steal browser cookies of those who have been logged in to a site for a long period of time.

While some websites enforce a timed session for logged-in users, logging out those who have not performed any activity for a certain period of time, not all do.

Some websites allow users to be logged in for extended sessions, giving threat actors the ability to completely bypass 2FA if they’ve stolen website authentication cookies.

What You Can Do

Avoid websites that don’t log users out after a period of inactivity. An inactivity logout invalidates the session cookie, so a stolen cookie will no longer work once that happens.
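For site owners, the sketch below shows the server-side behavior described above. It is an added example, not code from the original article: the SessionStore class, the 15-minute idle timeout, and the 8-hour absolute lifetime are assumptions chosen for illustration.

```python
import secrets

IDLE_TIMEOUT = 15 * 60           # assumed policy: 15 minutes of inactivity
ABSOLUTE_LIFETIME = 8 * 60 * 60  # assumed policy: re-authenticate after 8 hours


class SessionStore:
    """Server-side sessions; the cookie carries only a random identifier."""

    def __init__(self):
        self._sessions = {}

    def create(self, user, now):
        """Call only after password and second factor are both verified."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user, "created": now, "last_seen": now}
        return sid

    def validate(self, sid, now):
        """Return the user for a live session, else None (and destroy it)."""
        session = self._sessions.get(sid)
        if session is None:
            return None
        idle = now - session["last_seen"]
        age = now - session["created"]
        if idle > IDLE_TIMEOUT or age > ABSOLUTE_LIFETIME:
            del self._sessions[sid]  # expired server-side: cookie is useless
            return None
        session["last_seen"] = now   # activity extends the idle window only
        return session["user"]

    def logout(self, sid):
        self._sessions.pop(sid, None)


def demo():
    """Constructed timeline in seconds; returns (active, stale, capped)."""
    store = SessionStore()
    sid = store.create("alice", now=0)
    active = store.validate(sid, now=600)                     # owner working
    stale = store.validate(sid, now=600 + IDLE_TIMEOUT + 1)   # copy used late
    sid2 = store.create("bob", now=0)
    for t in range(0, ABSOLUTE_LIFETIME, 600):                # never idle
        store.validate(sid2, now=t)
    capped = store.validate(sid2, now=ABSOLUTE_LIFETIME + 1)
    return active, stale, capped


if __name__ == "__main__":
    print(demo())
```

The idle timeout only narrows the window: a copied cookie presented while the session is still live is accepted, which is why the absolute lifetime and an explicit logout that deletes the server-side record matter as well.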


Understanding Your Cyber Security and the Next Steps You Should Take

Even though two-factor authentication and multifactor authentication are cyber security layers worth considering adding across your organization, they may still have vulnerabilities to address.

Taking a proactive approach to your cybersecurity posture is the best way to understand vulnerabilities before they escalate and protect your entire network from several types of cyber attacks, not just from 2FA bypassing threats.

In our guide, Learn to Avoid Cyber Threats in 5 ½ Easy Steps, Mitnick Security Consulting equips you with the latest cyber security techniques, steps, strategies, and tips for creating a successful, proactive cybersecurity approach.

Download your copy today to begin maximizing your organization’s cybersecurity posture.
