Video Screencast Help
Authentication (User) Blog

Heartbleed: Wake-up call for Two-Factor Authentication

Created: 17 Apr 2014 • Updated: 21 Apr 2014
Teresa Law's picture
+2 2 Votes
Login to vote

Symantec VIP would have dramatically reduced the threat of Heartbleed. Did you have it?

For those who haven’t been following the news (really?), the OpenSSL Heartbleed bug is one of the most serious security vulnerabilities to rear its ugly head in years. In short, Heartbleed could let an attacker steal all of your users’ passwords, which would have given them access to ALL your data.  So why are we still relying on just passwords?

For those businesses that use two-factor authentication, static passwords compromised by attackers using Heartbleed are next to useless. This is because two-factor authentication systems like Symantec VIP provide an additional layer of protection to the user’s account – typically a six-digit security code that changes every 30 seconds.  That means the attacker must have both the password and the security code – a security code that has either expired or has already been used by the legitimate user and cannot be used a second time. Out of band and tokenless authentication like VIP Access Push offer the same level of protection – the attacker can’t get access to the second factor.

Two-factor authentication protects your organization against password breaches. The Heartbleed bug makes its value clear – if you’re still just relying on passwords, it’s time to wake up.

To learn more about Symantec VIP, please visit the website www.symantec.com/vip or try free for 60 days.

More information to help prepare for attacks and some interesting insights into the authentication industry are available in the upcoming Symantec User Authentication Survey and Maturity Model to be released soon.

Follow us on Twitter: @SymantecVIP