Hackers are using new tricks to steal your login credentials. In a Man-in-the-Middle (MitM) attack, the attacker sits between you and a website to intercept your data. In the face of this rising threat, we examine some of the leading ways to reduce the risk of falling victim.
Passkeys: the new defence champion
Passkeys are revolutionising login security. Unlike passwords, they can’t be phished and offer strong MitM protection. Using your device (phone, PC, or hardware key), a unique passkey is created for each website. This passkey consists of a pair of cryptographic keys, one public and one private – the private key remains secure on your device, while the public key goes to the website.
During login, the website prompts your device for permission to authenticate via the passkey. Simply confirm with a PIN or biometrics, and you’re in! Key players like Google, Microsoft, and Apple already support passkeys, making them a great choice for protecting high-risk accounts.
Boost your two-factor authentication (2FA)
While passkeys take centre stage, 2FA remains crucial. Traditional 2FA codes (SMS or app-generated) can still be stolen, but hardware keys offer stronger protection. These keys use protocols such as FIDO2, as passkeys do, and verify that the login request comes from the trusted website.
Phishing prevention: vigilance is key
The best defence is a good offence – avoid phishing links altogether. Phishing emails, malicious ads, and cleverly disguised URLs can trick you into entering your credentials on a fake website. Here’s how to stay vigilant:
- Double-check: Unsolicited login requests? Open a new tab and navigate directly to the website.
- Pay attention to URLs: Don’t rush! Check the website address carefully before logging in or submitting information.
- Ad-blockers: Hide sponsored results to avoid clicking on disguised phishing links.
- Public Wi-Fi? Protect your traffic: Use a VPN to encrypt your data and prevent manipulation by third parties.
Software solutions lend a hand
Security software plays a vital role. Antivirus programs, including independent security suites or built-in tools like Windows Security, can block known malicious URLs and protect you while browsing and downloading emails. Modern browsers also offer built-in security features, and browser extensions from major antivirus vendors can warn you about unsafe websites and search results.
By implementing these strategies, you can significantly strengthen your login security and stay ahead of evolving MitM attacks. Remember, a combination of vigilance, strong authentication methods, and security software is your best defence against online threats.