A penetration testing tool published by Polish security researcher Piotr Duszyński can bypass login protections for accounts protected by two-factor authentication (2FA). In his write-up on the tool, (which is dubbed Modlishka, meaning “mantis” in English), he asked, “is 2FA broken?”
It’s a question that’s worth exploring, given that this isn’t the first time in recent months that 2FA has been defeated. So, to add context to this latest in a string of high-profile blows against the technology, we decided to ask authentication experts what they thought. First, a brief description of the 2FA-related hacks. Second, the roundtable responses from experts are below.