Book: Hacking Multifactor Authentication

Book: Hacking Multifactor Authentication[German]A small note for my blog reader. It's such apparent certainties that make us feel 'well secured and taken care of' security-wise. All you need is Multifactor Authentication (MFA) and good security software and everything is secured. As of December 17, 2020, the title 'Multifactor Authentication' by Roger A. Grimes (published by Wiley) is out. Since I frequently writes about security topics here on the blog, I received a copy of the book in advance and read it crosswise a week ago.


First of all: I was skeptical when the request came 'do you want a copy to review', I have received titles in recent months, where I have struggled with reviews. Perhaps I get in my own way too often, because after more than 200 titles that I have written over the last 35 years, one gets a certain view of the respective titles: is there a market, how has the whole thing been realized in terms of production and what can be said about the content. And with this book?

Let me say it this way: There is one good news and a lot of bad news. The good news is that there is now a book that describes the various ways to bypass security features and hack systems. The bad news, after cross-reading the book, is that everything can be hacked and multifactor authentication is often not worth the paper the term is printed on. The only thing security managers can do: Look at the possible attack scenarios and eliminate or mitigate the potential points of failure or vulnerability as best they can.

Roger A. Grimes knows what he's writing about, having been in the business for over 2 decades. As a Principal Security Architect at Microsoft, he works with Microsoft Windows, Linux, and BSD. He is also the author of 10 books and over 1000 national magazine articles on computer security. Roger A. Grimes specializes in host security and preventing hacker and malware attacks. As a result, he is a frequent speaker at national computer security conferences, has been a security columnist for InfoWorld and CSO magazines since 2005, and is a former instructor and penetration tester for Foundstone.

A brief overview

More and more digital environments are deploying multi-factor authentication (MFA). Yet millions of dollars have been and continue to be stolen from MFA-protected online accounts. How is this possible? Most people who use multi-factor authentication (MFA) have been told that it is more secure than other types of authentication. In fact, all MFA solutions are easy to hack.

There is no such thing as a completely secure MFA solution. Most can be hacked in at least five different ways. The book Hacking Multifactor Authentication shows how MFA works behind the scenes and how poorly linked multifactor authentication steps make it possible to crack and compromise MFA. Hacking Multifactor Authentication includes 25 chapters divided into three parts:


Part I: Introduction

Part II: Hacking MFA

Part III: Looking Forward

After cross-reading the title, I'm personally excited. In the book, the author covers the basics and hacking techniques in 25 chapters, divided into the three sections mentioned above, but also concludes with some advice on what can be done better in terms of secure systems and what the future holds for authentication. You don't can read the title and then have the knowledge from 520 pages present. But, when it comes to securing access an IT system, the book will be valid to go through the relevant sections. There you can check whether certain problems have been avoided.

What I particularly liked: Roger A. Grimes reveald many insides and experiences from his 20 years of work in this area; for example, he describes all whistles and bells, that Microsoft developers had to pass when implementing User Account Control on Windows Vista to prevent a fake display by malware that snatches an administrator's credentials. Or you learn that several security procedures could be used, but in companies like Microsoft there are often reasons, not to implement such a measure. After all, security is always a compromise that need to keep the user within the focus. I think the title is a useful read for anyone who is concerned with the topic of security in access systems and wants to know more about multifactor authentication and its risks.

Buch: Hacking Multifactor Authentication

Hacking Multifactor Authentication
Paperback – December 17, 2020
Oublisher : Wiley; 1. Edition
Languate: : English
576 Pages
ISBN-10 : 1119650798
ISBN-13 : 978-1119650799
Size: 18.73 x 3.3 x 23.5 cm
Price: 28,60 Euro

Note: If you order through this Amazon link, I will be credited with a small commission.

Cookies helps to fund this blog: Cookie settings

This entry was posted in General and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published.