Bitcoin Forum
November 11, 2024, 03:00:10 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 [2]  All
  Print  
Author Topic: Can 2FA be Hacked?  (Read 456 times)
AakZaki
Legendary
*
Offline Offline

Activity: 2338
Merit: 1084


zknodes.org


View Profile WWW
December 15, 2020, 06:39:06 PM
 #21

This can happen, we all need to be aware of all online activities related to email and passwords. You must be observant of phishing emails, web phishing and other phishing. Some cases I know they use email, they send a email for you with contents a link to the web just like the original web. After that they work by retrieving your session cookie, this cookies used to log in to your account (If I'm not mistaken).  Therefore, hackers no longer need your name, password or two-factor authentication
abokhalel2
Member
**
Offline Offline

Activity: 233
Merit: 10


View Profile
December 15, 2020, 08:56:53 PM
 #22

Yes, in this world nothing can be hidden. Everything will be hacked sooner or later. There is only one defense - your brain, but, unfortunately, everything cannot be hidden there.
iamaruf
Sr. Member
****
Offline Offline

Activity: 1064
Merit: 265


Vave.com - Crypto Casino


View Profile
December 15, 2020, 10:38:39 PM
 #23

Everything is hackable. Even there are many ways to bypass the 2FA on Facebook. You can google it to know more. But for the recovery option, you can reset your pass through mail. If everything changed then try to contact support and give them your all details to prove that the account is yours. They can ask you for a Passport/driving/NID. In this way, you can get your Facebook account back.

masulum
Legendary
*
Offline Offline

Activity: 2324
Merit: 1604

hmph..


View Profile WWW
December 15, 2020, 10:49:28 PM
 #24

2FA user are still can lose their account with several ways to bypassing 2FA or because of phishing site. the code it self can be hacked by brute forcing. Don't forget about 2FA bypassing too. Even 2FA can't be hacked, there will be another to skipping 2FA from your account. Well, people must be aware about any possibility of hacking. If they are thinking if his account are really safe because of using 2FA, then he was wrong.

HOLD...
abel1337
Legendary
*
Offline Offline

Activity: 2492
Merit: 1145


Enterapp Pre-Sale Live - bit.ly/3UrMCWI


View Profile WWW
December 15, 2020, 11:53:53 PM
 #25

Recently my Facebook Account was Hacked which was protected by 2FA. I was thinking that 2FA was very advance security. But I was Wrong. My Account was hacked and hacker change all my email and Phone Number. Has anyone faced same problem please reply in post. If someone has recovered hacked account please reply with information.
I believe that everything could be hacked even you have layers of security, Hackers have different methods of doing their thing and 2FA is not that much security for "god-like hackers". 2FA can improve your account security exponentially but there's some way to bypass it. You might be hacked physically by having the hacker access your security device and steal the necessary information there. If your device is stolen in real life it would basically give a great potential risk to your accounts. It would be better not to share any information with everyone especially if your account has good money in it and if you value your account so much, You could be a target just by sharing some info with someone.

█████████████████████
█████████████████████████
█████████▀▀▀▀▀▀▀█████████
██████▀███████████▀██████
█████▀███▄▄▄▄▄▄▄███▀█████
████████▀▀▀▀▀▀▀▀▀████████
█████████████████████████
█████▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄█████
█████████████████████████
██████▄███████████▄██████
█████████▄▄▄▄▄▄▄█████████
█████████████████████████
█████████████████████
 
    CRYPTO WEBNEOBANK    
▄▄███████▄▄
▄███████████████▄
▄██████░░░░░░░░░░███▄
▄████▄▄███████▄▄░░░██▄
▄█████████████████░░░██▄
████░░▄▄▄▄▄▄▄▄▄░░░░░░░░██
████░░██████████░░░░░░░██
████░░▀▀▀▀▀▀▀▀▀░░░░░░░░██
▀█████████████████░░░██▀
▀████▀▀███████▀▀░░░██▀
▀██████░░░░░░░░░░███▀
▀███████████████▀
▀▀███████▀▀
Cryptomint9
Member
**
Offline Offline

Activity: 76
Merit: 23


View Profile
December 18, 2020, 06:32:13 PM
 #26

Yes it can be hacked. Because hackers have excellent mind. And they can hack any thing. Like you can read this article.
https://www.pymnts.com/safety-and-security/2019/chinese-hacking-attacks-take-down-2fa/
BIN-BIN
Member
**
Offline Offline

Activity: 504
Merit: 57


View Profile
December 18, 2020, 10:42:34 PM
 #27

2 factor authentication security software is venerable only if it is compromise by the hacker and this can happened when the malware attack your system and steal some of your security details.

E.g if you store password and other security information on google it can be easily stolen and accounts compromised so yes 2FA can be hacked.
Issa56
Hero Member
*****
Online Online

Activity: 1554
Merit: 937


Hhampuz for Campaign management.


View Profile
December 25, 2020, 03:30:20 PM
 #28

Why not anything can be hacked that why you have to keep you private key safe so that it your account won't be tampered with, you don't have to trust anybody with your private key no matter how close you are.

███████████████████████████
███████▄████████████▄██████
████████▄████████▄████████
███▀█████▀▄███▄▀█████▀███
█████▀█▀▄██▀▀▀██▄▀█▀█████
███████▄███████████▄███████
███████████████████████████
███████▀███████████▀███████
████▄██▄▀██▄▄▄██▀▄██▄████
████▄████▄▀███▀▄████▄████
██▄███▀▀█▀██████▀█▀███▄███
██▀█▀████████████████▀█▀███
███████████████████████████
 
 Duelbits 
██
██
██
██
██
██
██
██

██

██

██

██

██
TRY OUR UNIQUE GAMES!
    ◥ DICE  ◥ MINES  ◥ PLINKO  ◥ DUEL POKER  ◥ DICE DUELS   
█▀▀











█▄▄
 
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀

███
▀▀▀
███
▀▀▀
 
███
▀▀▀

███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀
 
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀

███
▀▀▀
███
▀▀▀
 
███
▀▀▀
███
▀▀▀
███
▀▀▀

███
▀▀▀
███
▀▀▀
███
▀▀▀
 
███
▀▀▀
███
▀▀▀

███
▀▀▀
███
▀▀▀
███
▀▀▀

███
▀▀▀
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
 KENONEW 
 
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀█











▄▄█
10,000x
 
MULTIPLIER
██
██
██
██
██
██
██
██

██

██

██

██

██
 
NEARLY
UP TO
50%
REWARDS
██
██
██
██
██
██
██
██

██

██

██

██

██
[/tabl
bob123
Legendary
*
Offline Offline

Activity: 1624
Merit: 2481



View Profile WWW
December 25, 2020, 03:47:32 PM
 #29

With "hacked" you are probably referring to gained access to.
And this definitely is possible.

The two most common ways to circumvent 2fa is to either 1) compromise the device holding the 2fa key or 2) manipulate the system in such a way that no 2fa is required.

Number 1) is an attack on the user. It targets the device storing the 2fa secret.
Number 2) focuses on the system which utilizes 2FA. Even if your security is perfect (which it never will be), you can never be sure whether the security of the service you are using is good enough. 2FA does not guarantee that you are safe. It just decreases the risks.

Oshosondy
Legendary
*
Online Online

Activity: 1624
Merit: 1202


Gamble responsibly


View Profile
December 25, 2020, 06:52:21 PM
 #30

There is back ups for every accounts you add in your google authentication app, assuming you buy a new smartphone now you can easily export all the 2FA accounts into the new phone, meaning that if someone have access  to your phone they can export your 2FA settings and gave access to every websites you use 2FA on
You are right, if hackers can steal the 2fa back up, the hacker will be able to to access the 2fa code successfully, but there are many other ways to get access to the back up, and there are ways the back up is not needed at all but the time codes which is changing every 30 seconds or so will still be revealed. This can be possible through malacious codes hackers can input into devices like phones and computers.

██
██
██
██
██
██
██
██
██
██
██
██
██
... LIVECASINO.io    Play Live Games with up to 20% cashback!...██
██
██
██
██
██
██
██
██
██
██
██
██
Globb0
Legendary
*
Offline Offline

Activity: 2702
Merit: 2053


Free spirit


View Profile
December 25, 2020, 07:16:01 PM
 #31

Nothing is un hackable.

Hacks come and go then the fix has to follow.


By adding more layers like 2fa you give yourself a better chance against an easier target. (with a simple password for example)

another benefit being the hacker has now to compromise 2 devices to "get you"


ofc if they have hacked your main email, they may be able to reset a few other things.

So make sure you use a secure password!


Security starts at home.
taufik123
Legendary
*
artcontest pizza
Offline Offline

Activity: 2702
Merit: 1855


Rollbit.com | #1 Solana Casino


View Profile
December 26, 2020, 01:50:45 AM
 #32

You are right, if hackers can steal the 2fa back up, the hacker will be able to to access the 2fa code successfully, but there are many other ways to get access to the back up, and there are ways the back up is not needed at all but the time codes which is changing every 30 seconds or so will still be revealed. This can be possible through malacious codes hackers can input into devices like phones and computers.
It's not just 2FA reserves that will be targeted for hacking. But by smuggling malware, hackers can easily bypass the 2FA code. Malware usually infiltrates advertisements or on websites that we visit while surfing the internet or in applications, photos and videos.
this all also depends on the readiness of the user to be careful and not fall into the trap that has been provided by hackers. Phishing, malware, fake applications and others must be kept on alert. No system is safe, all systems can be hacked.

 
█▄
R


▀▀██████▄▄
████████████████
▀█████▀▀▀█████
████████▌███▐████
▄█████▄▄▄█████
████████████████
▄▄██████▀▀
LLBIT▀█ 
  TH#1 SOLANA CASINO  
████████████▄
▀▀██████▀▀███
██▄▄▀▀▄▄████
████████████
██████████
███▀████████
▄▄█████████
████████████
████████████
████████████
████████████
█████████████
████████████▀
████████████▄
▀▀▀▀▀▀▀██████
████████████
███████████
██▄█████████
████▄███████
████████████
█░▀▀████████
▀▀██████████
█████▄█████
████▀▄▀████
▄▄▄▄▄▄▄██████
████████████▀
........5,000+........
GAMES
 
......INSTANT......
WITHDRAWALS
..........HUGE..........
REWARDS
 
............VIP............
PROGRAM
 .
   PLAY NOW    
libert19
Hero Member
*****
Offline Offline

Activity: 2674
Merit: 972


View Profile WWW
December 28, 2020, 03:37:38 AM
 #33

'hacker' could have also gotten access to backup codes you saved.
Charles-Tim
Legendary
*
Offline Offline

Activity: 1722
Merit: 5208


Leading Crypto Sports Betting & Casino Platform


View Profile
December 28, 2020, 08:15:37 PM
Merited by vapourminer (1)
 #34

'hacker' could have also gotten access to backup codes you saved.
Hackers can only steal what are online and on devices, if the backup is completely saved offline, there is no way for hackers to steal it, but some people just like taking the screen shot of backup or saving it on the device they are using, these ways of backup not good and not safe at all. The best is to have your 2fa backup code on a paper written with pencil, or printed and laminated, or written on metallic sheet. To have it saved offline will protect it from any form of online attack. But, also, it is very important to safe it from physical damages and offline attackers, but offline attack are not common like online attack but also worth protecting it from offline attacks.

..Stake.com..   ▄████████████████████████████████████▄
   ██ ▄▄▄▄▄▄▄▄▄▄            ▄▄▄▄▄▄▄▄▄▄ ██  ▄████▄
   ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██  ██████
   ██ ██████████ ██      ██ ██████████ ██   ▀██▀
   ██ ██      ██ ██████  ██ ██      ██ ██    ██
   ██ ██████  ██ █████  ███ ██████  ██ ████▄ ██
   ██ █████  ███ ████  ████ █████  ███ ████████
   ██ ████  ████ ██████████ ████  ████ ████▀
   ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██
   ██            ▀▀▀▀▀▀▀▀▀▀            ██ 
   ▀█████████▀ ▄████████████▄ ▀█████████▀
  ▄▄▄▄▄▄▄▄▄▄▄▄███  ██  ██  ███▄▄▄▄▄▄▄▄▄▄▄▄
 ██████████████████████████████████████████
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█  ▄▀▄             █▀▀█▀▄▄
█  █▀█             █  ▐  ▐▌
█       ▄██▄       █  ▌  █
█     ▄██████▄     █  ▌ ▐▌
█    ██████████    █ ▐  █
█   ▐██████████▌   █ ▐ ▐▌
█    ▀▀██████▀▀    █ ▌ █
█     ▄▄▄██▄▄▄     █ ▌▐▌
█                  █▐ █
█                  █▐▐▌
█                  █▐█
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█
▄▄█████████▄▄
▄██▀▀▀▀█████▀▀▀▀██▄
▄█▀       ▐█▌       ▀█▄
██         ▐█▌         ██
████▄     ▄█████▄     ▄████
████████▄███████████▄████████
███▀    █████████████    ▀███
██       ███████████       ██
▀█▄       █████████       ▄█▀
▀█▄    ▄██▀▀▀▀▀▀▀██▄  ▄▄▄█▀
▀███████         ███████▀
▀█████▄       ▄█████▀
▀▀▀███▄▄▄███▀▀▀
..PLAY NOW..
decodx
Hero Member
*****
Offline Offline

Activity: 1456
Merit: 940

🇺🇦 Glory to Ukraine!


View Profile
December 28, 2020, 08:31:28 PM
 #35

I don't think 2FA can be hacked specially the one made by google and steam..

2FA authenticator uses software such as Google Authenticator, Microsoft Authenticator or Authy. It operates on a TOTP (time based one-time password) concept. TOTP is more reliable than SMS, however, there have been reports of hackers stealing authentication codes from Android smartphones. There are even some malwares that can copy and send authenticator codes to a hacker.
Oshosondy
Legendary
*
Online Online

Activity: 1624
Merit: 1202


Gamble responsibly


View Profile
December 29, 2020, 08:14:16 AM
 #36

2FA authenticator uses software such as Google Authenticator, Microsoft Authenticator or Authy. It operates on a TOTP (time based one-time password) concept. TOTP is more reliable than SMS, however, there have been reports of hackers stealing authentication codes from Android smartphones. There are even some malwares that can copy and send authenticator codes to a hacker.
First of all, not all authentication codes are Time-based One-time Password (TOTP), some are HMAC-based One-time Password algorithm (HOTP) which depends on a counter. Also there are many other good 2 factor authenticators, like AndOTP and Aegis, they are all good too.

About the malware that can steal authenticator codes, trojan is just the typical example.

██
██
██
██
██
██
██
██
██
██
██
██
██
... LIVECASINO.io    Play Live Games with up to 20% cashback!...██
██
██
██
██
██
██
██
██
██
██
██
██
bob123
Legendary
*
Offline Offline

Activity: 1624
Merit: 2481



View Profile WWW
December 29, 2020, 10:19:26 AM
 #37

First of all, not all authentication codes are Time-based One-time Password (TOTP), some are HMAC-based One-time Password algorithm (HOTP) which depends on a counter.

Most services don't support HOTP, but TOTP only.
While HOTP might be more user friendly because there is no time limit or lag to enter the code, it might be more susceptible to bruteforce.

Generally, TOTP can be considered more secure than HOTP. Especially because the generated 2fa code is only valid for a short timeframe.

Crypto Bright
Newbie
*
Offline Offline

Activity: 252
Merit: 0


View Profile
December 29, 2020, 12:14:41 PM
 #38

I have encounter the same problem with my Facebook account, been hacked, luckily enough i was online chatting, i discover my account has been logout, by sending message it could not delivered, immediately, i request on change of password of my Facebook account and also changed my email address password by restoring my Facebook account, and i believed the hacker has got access to your email, may be you save (2FA) Factor Authorization on draft message. which is not advisable to saved 2FA online, i prefer offline saving phase.
decodx
Hero Member
*****
Offline Offline

Activity: 1456
Merit: 940

🇺🇦 Glory to Ukraine!


View Profile
December 30, 2020, 09:50:40 AM
 #39

First of all, not all authentication codes are Time-based One-time Password (TOTP), some are HMAC-based One-time Password algorithm (HOTP) which depends on a counter.

Most services don't support HOTP, but TOTP only.
While HOTP might be more user friendly because there is no time limit or lag to enter the code, it might be more susceptible to bruteforce.

Generally, TOTP can be considered more secure than HOTP. Especially because the generated 2fa code is only valid for a short timeframe.

I didn't even know about HOTP (probably because it's not used a lot), thanks for the info. I'm going to have to research this in more detail.
Pages: « 1 [2]  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!