


Social engineering wins again. If an employee used internal chat to request MFA bypass due to losing their device, do you have a set policy on other verification you would ask for? We didn't have Hangouts/Teams/Slack, but even when people called from their desk phone for a password reset, we'd ask things like their employee number, start date (compared to AD account creation), basically anything we had access to compare against.
https://www.vice.com/en/article/7kvkqb/how-ea-games-was-hacked-slack
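The checks described in the post above (employee number and start date compared against AD account creation, then an out-of-band step before anything is actually reset), written out as an added helpdesk helper. This is example code, not anything from the original thread or the companies mentioned in it. The directory record shape, the tolerance window between claimed start date and AD `whenCreated`, the function names and the sample record are all assumptions made here:

```python
"""Helpdesk verification helper for MFA-reset requests (added example, not from the thread)."""
from dataclasses import dataclass, field
from datetime import date

# How far AD account creation may sit from the claimed start date. Accounts are
# usually provisioned ahead of day one; the window is an assumption to tune to
# your own provisioning process.
MAX_DAYS_CREATED_BEFORE_START = 30
MAX_DAYS_CREATED_AFTER_START = 3

VIDEO = "video call, camera on, compare against badge photo"
CALLBACK = "helpdesk calls the HRIS number on file"


@dataclass(frozen=True)
class DirectoryRecord:
    """What the helpdesk can see; hypothetical shape joined from AD and HRIS."""
    username: str
    employee_id: str
    ad_created: date   # AD whenCreated
    hris_phone: str    # callback number from HRIS, never from the requester


@dataclass
class Decision:
    knowledge_checks_passed: bool
    required_steps: list = field(default_factory=list)
    mismatches: list = field(default_factory=list)
    notes: list = field(default_factory=list)


# Constructed sample record used by the demo below (not real data).
SAMPLE_RECORD = DirectoryRecord("jdoe", "E10423", date(2023, 2, 27), "+1-555-0100")


def check_claims(record: DirectoryRecord, claimed_employee_id: str, claimed_start_iso: str) -> list:
    """Compare what the requester says against what the directory says.

    Returns a list of mismatches; an empty list means the knowledge checks passed.
    """
    mismatches = []
    if claimed_employee_id.strip().upper() != record.employee_id.upper():
        mismatches.append("employee number does not match directory")
    claimed_start = date.fromisoformat(claimed_start_iso.strip())
    days_created_before_start = (claimed_start - record.ad_created).days
    if not -MAX_DAYS_CREATED_AFTER_START <= days_created_before_start <= MAX_DAYS_CREATED_BEFORE_START:
        mismatches.append("claimed start date inconsistent with AD account creation")
    return mismatches


def verify_reset_request(record: DirectoryRecord, channel: str, claimed_employee_id: str,
                         claimed_start_iso: str, requester_phone: str = None) -> Decision:
    """Knowledge checks gate the conversation; out-of-band steps gate the reset."""
    mismatches = check_claims(record, claimed_employee_id, claimed_start_iso)
    decision = Decision(knowledge_checks_passed=not mismatches, mismatches=mismatches)
    if mismatches:
        decision.notes.append(f"{channel} request failed knowledge checks; escalate, do not reset")
        return decision
    # Chat, email and desk-phone calls are all unauthenticated for this purpose:
    # the reset itself always needs a video call plus a callback to the HRIS number.
    decision.required_steps = [VIDEO, f"{CALLBACK}: {record.hris_phone}"]
    if requester_phone and requester_phone != record.hris_phone:
        decision.notes.append("requester supplied a different number; ignored, HRIS number used")
    return decision


def authorize_reset(decision: Decision, completed_steps) -> bool:
    """Only reset when knowledge checks passed and every required step is done."""
    return decision.knowledge_checks_passed and set(decision.required_steps) <= set(completed_steps)


if __name__ == "__main__":
    # A Slack request from someone who knows the right answers but offers their own callback number.
    d = verify_reset_request(SAMPLE_RECORD, "slack", "E10423", "2023-03-06", requester_phone="+1-555-0199")
    print("knowledge checks passed:", d.knowledge_checks_passed)
    print("still required:", d.required_steps, d.notes)
    print("reset after video only:", authorize_reset(d, {VIDEO}))
    print("reset after video and callback:", authorize_reset(d, d.required_steps))
```

The point of the split between `check_claims` and `authorize_reset` is that the answers an attacker can collect from LinkedIn or a stolen laptop (employee number, start date) never authorize the reset on their own; they only decide whether the helpdesk continues the conversation, and the callback number always comes from the HRIS record rather than from the request.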



3 replies

Many times I’ve seen Zoom sessions required to bypass anything. We need to see them.



Yep, that's what we are going to do: video chat required for MFA resets on Okta. Some companies ask for a Duo Push for other sensitive IT requests (obviously won't work for a lost phone, but great for other requests).



Our policy is to always verify face-to-face or via Zoom/Meet/FaceTime. And we enforce us calling you based on your contact details in our HRIS platform. Causes a delay, but I think it's worth it.

