Two-factor authentication: Screenshots as a security gap

Special apps for two-factor authentication are supposed to bring more security. However, if a certain function is not blocked, users may be at risk.

Authenticator apps from Google, Microsoft and other providers are actually meant to make the use of numerous services safer. With these tools, users receive on their smartphone all the verification codes needed to log in to accounts where they have two-factor authentication enabled.

The most important prerequisite for the security of the system is that the one-time passwords (TOTP codes) reach only the legitimate user.

Malware could, however, capture the codes by taking advantage of a feature of the smartphone operating system: the creation of screenshots.

And that is precisely the point: both Google Authenticator and Microsoft Authenticator allow screenshots to be taken. Other authentication apps look no better. Security experts pointed this out a few years ago.

As ZDNet reported, this problem still exists and is also being exploited by at least one Trojan. Yet, at least in the case of Android, a simple command in the program code would make it easy to disable the screenshot function.

This raises the question of why neither Microsoft nor Google uses this option.
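
The article does not name the Android command it refers to. The following added example (not taken from the article and not code from Google or Microsoft) assumes it is the platform window flag WindowManager.LayoutParams.FLAG_SECURE, and shows it applied both to the screen that displays a code and to a dialog, which has its own window and does not inherit the flag. The activity name and the displayed code value are hypothetical.

```kotlin
import android.app.Activity
import android.app.AlertDialog
import android.os.Bundle
import android.view.WindowManager
import android.widget.TextView

// Hypothetical activity that displays a one-time code (name is an assumption).
class CodeDisplayActivity : Activity() {

    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)

        // Mark the activity window as secure before any content is attached.
        // The system then excludes it from screenshots, screen recordings
        // and the thumbnail shown in the recent-apps overview.
        window.setFlags(
            WindowManager.LayoutParams.FLAG_SECURE,
            WindowManager.LayoutParams.FLAG_SECURE
        )

        val codeView = TextView(this).apply {
            text = "123 456" // constructed sample value, not a real code
        }
        setContentView(codeView)

        // A long press opens the same code in a dialog.
        codeView.setOnLongClickListener {
            showCodeDialog()
            true
        }
    }

    // A dialog is drawn in its own window, so the flag set on the activity
    // does not cover it. It has to be set again on the dialog window.
    private fun showCodeDialog() {
        val dialog = AlertDialog.Builder(this)
            .setMessage("123 456") // constructed sample value
            .create()
        dialog.window?.addFlags(WindowManager.LayoutParams.FLAG_SECURE)
        dialog.show()
    }
}
```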