I just read yet another breach report Experian filed with the New Hampshire Attorney General’s Office. The sequence generally goes like this:
- Someone acquires the Experian login for one of Experian’s clients.
- The login is misused to access credit report and info on people.
- The breach is discovered.
- Login is changed.
- The individuals are notified and offered credit monitoring.
This time it was Iowa Telecommunications whose login wound up in the wrong hands.
You prevent ’em with two-factor authentication tokens. You know, like the ones you can get for World of Warcraft.
If someone can get the login credentials, could they possibly also defeat two-factor authentication? Does it matter how they’re acquiring the login?