%20formatted-1.png?width=582&height=170&name=SIGNiX%20Logo%20Main%20(white)%20formatted-1.png)
Recent information shows that a simple security fix—two-factor authentication—could have prevented the largest hack of an American bank to date. JPMorgan Chase suffered a data breach last summer, and recent information gives us insights into how the hack took place. The New York Times reported that missing two-factor authentication was responsible for the breach.
When the hack was uncovered in August, many experts believed that hackers used a sophisticated attack to break into JPMorgan’s network. But the hack’s source was much more simple—a hacker stole a single JPMorgan employee’s credentials.
That wouldn’t normally be a problem because JPMorgan uses two-factor authentication—a method that requires an additional piece of information in addition to a password to gain access to a secure system.
However, one of the bank’s servers didn’t have two-factor authentication enabled. Instead, the server allowed employees to log in with their username and password alone. Experts aren’t sure why one server was left without two-factor authentication.
This single weak point was enough for hackers to break in and gain access to more than 90 of JPMorgan’s servers. Because of this oversight, hackers were able to access account information for 83 million households and small businesses. Hackers were able to access these servers over the course of several months until they were discovered in August.
This new information helps explain why other financial institutions that were targeted by the same hackers weren’t affected nearly as much as JPMorgan.
What is Two-Factor Authentication?
Two-factor authentication offers an extra layer of security that requires not only a username and password, but also a piece of information that the user has access to. This information could be a PIN number, birth date, or a secret code sent by text message, among other things.
For online banking and other important web-based transactions, two-factor authentication is a practical way to increase security. Big-name services that support two-factor authentication include Google, Facebook, Yahoo, PayPal and Dropbox.
Click here to learn more about different types of two-factor authentication.
