minute read Share this article: Tony Lauro, director of security technology and strategy at Akamai, discusses hardware security dongles and using phones to act as surrogates for them. You have to hand it to the cyber-thieves: They have proven extremely adept at defeating security measures once thought reliable. Case in point: multifactor authentication (MFA). While two-factor authentication (2FA) using push text notifications has become the de-facto standard for login security, bad actors have found a variety of ways to circumvent it. In fact, there is a cottage industry focused on defeating 2FA. Akamai recently published a blog post describing a phishing campaign that targeted banking customers in the United Kingdom by evading 2FA. Researchers from the Global Threat Intelligence Team at WMC recently disclosed that they were tracking a threat actor who goes by the alias “Kr3pto” who builds and sells phishing kits designed to acquire real-time security codes and 2FA data targeting U.K. financial institutions.