Photo: Daniel Mihailescu / AFP (Getty Images)

Two-factor authentication, or two-step verification, has been sold to web users as one of the most important and reliable tools for protecting your digital life. You probably already know how it works: by securing an account not only with a password but also with a secondary factor (usually an automatic code sent by text message to your phone or device of choice), companies can verify that whoever is logging in to your account is really you and not someone who managed to get hold of your personal information.

However, new research shows that hackers have unfortunately found a number of effective ways to circumvent two-factor protections, and they are using these methods more and more.

The study, conducted by academic researchers at Stony Brook University and cybersecurity firm Palo Alto Networks, documents the recent discovery of phishing toolkits that are used to circumvent authentication protections. Toolkits are malicious software programs designed to aid in cyberattacks. They are written by criminals and are typically sold and distributed on dark web forums, where any user can buy and use them. The Stony Brook study, originally reported on by The Record, shows that these malicious programs are used to phish and steal two-factor login data from users of major websites. They are increasingly used, and the researchers have found a total of at least 1200 different toolkits circulating in the digital underworld.

Of course, cyberattacks that can break two-factor authentication are not new. But the distribution of these malicious programs shows that they are becoming more sophisticated and more widely used.

The toolkits bypass two-factor authentication by stealing something possibly more valuable than your password: your two-factor authentication cookies, which are files saved in your web browser when the authentication process is carried out.

According to the study, such cookies can be stolen in two ways: a hacker can infect a victim's computer with data-stealing malware, or can steal the cookies in transit, along with your password, before they reach the site that is trying to authenticate you. The second approach relies on phishing and on capturing your web traffic through a Man-in-the-Middle style attack, which redirects traffic to a phishing site and its associated reverse proxy server. This way, the attacker can come between you and the website you are trying to log in to, capturing all the information that passes between the two.

After a hacker silently hijacks your traffic and seizes those cookies, they can enjoy access to your accounts for the lifetime of the cookie. In some cases, such as social media accounts, this could be quite a long time, notes The Record.
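The replay described above leaves a trace a site can look for on its own side: a session cookie issued after the second factor and later presented from a different client, or long after it was issued. The following sketch is an added example, not code from the study or from any site; the event format, the 8-hour lifetime and all sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass

MAX_SESSION_AGE = 8 * 3600  # assumed policy: sessions expire after 8 hours


@dataclass
class Session:
    issued_at: int      # epoch seconds when 2FA completed
    ip: str             # client address seen at issuance
    user_agent: str     # browser string seen at issuance


def find_replays(events, max_age=MAX_SESSION_AGE):
    """Scan (ts, kind, session_id, ip, user_agent) events in time order.

    Returns (ts, session_id, reason) alerts for session cookies that are
    unknown, older than max_age, or presented from another client context.
    """
    sessions = {}
    alerts = []
    for ts, kind, sid, ip, ua in events:
        if kind == "issue":
            sessions[sid] = Session(ts, ip, ua)
            continue
        s = sessions.get(sid)
        if s is None:
            alerts.append((ts, sid, "unknown-session"))
        elif ts - s.issued_at > max_age:
            alerts.append((ts, sid, "expired"))
        elif (ip, ua) != (s.ip, s.user_agent):
            alerts.append((ts, sid, "context-change"))
    return alerts


# Constructed sample events (documentation-range addresses, made-up ids).
SAMPLE_EVENTS = [
    (1000, "issue", "sess-A", "198.51.100.7", "Firefox/121"),
    (1600, "use", "sess-A", "198.51.100.7", "Firefox/121"),   # same client
    (2200, "use", "sess-A", "203.0.113.50", "curl/8.4"),      # cookie used elsewhere
    (1000 + 9 * 3600, "use", "sess-A", "198.51.100.7", "Firefox/121"),  # too old
]

if __name__ == "__main__":
    for alert in find_replays(SAMPLE_EVENTS):
        print(alert)
```

When the cookie is captured through a reverse proxy, the session is issued to the proxy's own address, so the context check only fires if the cookie is later reused from somewhere else; in that case the lifetime cap is what limits how long the stolen cookie stays useful.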

It's a bit annoying, because in recent years two-factor authentication has been widely seen as an effective method of identity verification and account security. On the other hand, recent studies have also shown that many people don't even bother to activate two-step verification in the first place, which, if true, means we probably have even bigger problems in the web security department.