APIIDA Mobile Authentication and APIIDA Intelligent SSO not affected by “Modlishka 2FA hack”

by Sebastian Rohr, CTO, APIIDA AG

In light of recent events and news, that simple 2FA mechanisms like Google Authenticator or Microsoft Authenticator may be vulnerable to automated phishing attacks abusing the “Modlishka” security evaluation tool by Polish security expert Piotr Duszyński, let me briefly comment on this in regard to the APIIDA authentication solutions:

Luckily, the suggested attack vectors are only relevant for pure and direct access to services which have easy-to-defeat authenticator apps as 2FA enabled. Enterprise grade 2FA solutions such as APIIDA Mobile Authentication are working far ahead of such attacks by protecting access to the underlying Windows client system with a certificate-based login, much as smartcards did in the last two decades. Beyond that, the sketched attack vectors are not even relevant due to architectural design decisions we took while developing our APIIDA Mobile Authentication.

Also, I am proud, that our online security solution APIIDA Intelligent SSO features full support for the FIDO2 U2F tokens mentioned as the “only secure option” in the news.

For any questions or comments, please contact info@apiida.com or reach out to me directly on sebastian.rohr@apiida.com.

This website uses cookies to permanently improve the user experience. By visiting this website, you automatically agree to this fact. Further information can be found in our Privacy Policy.

Die Cookie-Einstellungen auf dieser Website sind auf "Cookies zulassen" eingestellt, um das beste Surferlebnis zu ermöglichen. Wenn du diese Website ohne Änderung der Cookie-Einstellungen verwendest oder auf "Akzeptieren" klickst, erklärst du sich damit einverstanden.