|
NW KS | Best practice would be to use a device with up to date firmware for finance transactions. The longer the time frame since last the last update the greater the chance of there being a well know exploit for the device. 2 factor authentication is implemented in different ways and some implementations are better than others. Codes sent by SMS or Email are generally considered the least secure. If the pin code can be intercepted it could be used to login to an account as long as it is done real time(codes are typically good for 30-60 secs). This isn't unheard of and these kind of attacks have been used. It would take a lot off effort to pull off but with enough finance incentive may be worth the effort. Codes from a phone app are some better than the ones sent over SMS or email since they are not sent over any network but still could be intercepted by a fake login. The best implementation of 2FA would be a hardware key(yubico or similar). The hardware in the key is handling the 2fa code and the data is being encrypted before ever leaving the key. This is a massive over simplification of hardware keys but conveys the basic idea.
Another thing to remember would be the accounts are only as safe as the company they are with. If the company that gave you the account has poor security practices someone else may be able to recover the account. This is one of the most common ways into an account. If you have all the right information and the company has poor account recovery protection or the customer service rep is inexperienced there is a good chance of taking over the account.
As far as networks go you can actually split them up. A simple way this is often done is with a guest network. The devices on the guest network are separated from the devices on the main network and may even be separated from connecting to other guest network devices. With the right network gear you could have even more separated networks know as Vlans. | |
|
Who can you ask harder security questions?
