Mitigating man-in-the-middle attacks using GateKeeper.
Utilizing two-factor authentication prevents malicious actors from successfully executing a man-in-the-middle attack, even if a password is stolen. The thief would still need the second authentication factor to gain access to the targeted account.
Read-only device firmware prevents readback of the cryptographic keys if an attacker gains physical access to the token. Tokens accept an over-the-air firmware update only when the firmware is signed by Untethered Labs, Inc., making it impossible to insert malicious firmware into a token.
To prevent duplication of GateKeeper tokens and mitigate man-in-the-middle (MitM) attacks, a randomly generated SECRET KEY can be written to each token after registration. The token uses this SECRET KEY to generate one-time passcodes automatically; the passcodes are sent as part of the token's Bluetooth advertisement packets and scanned by the client software. Because the passcodes change every few seconds, another Bluetooth device cannot imitate a GateKeeper token.
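As an added illustration, not GateKeeper's own protocol or code, the following Python models the scheme described above: a random per-token secret written at registration, an HMAC-based one-time code that rotates every few seconds and is carried in the advertisement payload, and a client that verifies the code and rejects stale, replayed or forged advertisements. The payload layout, the 5-second step, the 4-byte code size and the one-step skew window are all assumptions made for the example.

```python
import hashlib
import hmac
import os
import struct

STEP_SECONDS = 5   # assumed rotation interval ("every few seconds")
CODE_BYTES = 4     # assumed size of the one-time code inside the advertisement
ID_BYTES = 2       # assumed size of the token identifier


def new_secret() -> bytes:
    """Random SECRET KEY generated at registration and written to the token."""
    return os.urandom(16)


def otp(secret: bytes, step: int) -> bytes:
    """HOTP-style code: HMAC-SHA256 over the time-step counter, truncated."""
    mac = hmac.new(secret, struct.pack(">Q", step), hashlib.sha256).digest()
    return mac[:CODE_BYTES]


def build_advertisement(token_id: bytes, secret: bytes, now: float) -> bytes:
    """Token side. Constructed payload layout: token id || one-time code."""
    return token_id + otp(secret, int(now // STEP_SECONDS))


class Client:
    """Client side: holds each registered token's secret and checks advertisements."""

    def __init__(self, registry: dict, window: int = 1):
        self.registry = registry   # token_id -> secret written at registration
        self.window = window       # tolerated clock skew, in time steps
        self.newest = {}           # token_id -> newest step already accepted

    def verify(self, adv: bytes, now: float) -> bool:
        token_id, code = adv[:ID_BYTES], adv[ID_BYTES:ID_BYTES + CODE_BYTES]
        secret = self.registry.get(token_id)
        if secret is None or len(code) != CODE_BYTES:
            return False           # unregistered token or malformed payload
        current = int(now // STEP_SECONDS)
        for step in range(current - self.window, current + self.window + 1):
            if hmac.compare_digest(otp(secret, step), code):
                # A code older than the newest one already accepted for this
                # token is a replayed advertisement; repeats of the current
                # step are normal, since the token broadcasts continuously.
                if step < self.newest.get(token_id, step):
                    return False
                self.newest[token_id] = step
                return True
        return False               # stale (outside window) or forged code
```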
How to Mitigate MitM using GateKeeper tokens.
| Recommendation | How GateKeeper helps |
|---|---|
| Set up and use a VPN to log in. | Users can seamlessly log in to their VPN using a key rather than tediously and repeatedly typing passwords by hand. |
| Log out of websites more often. | Signing back in is seamless using a key, so users can log out of websites without fear of having to sign back in. |
| Prevent phishing attacks. | Most phishing attacks rely on unsuspecting users giving up their login credentials. If the user uses a key, they don't know the password to give up. GateKeeper only auto-fills on approved websites, so users can avoid phishing sites simply by letting GateKeeper auto-fill. |
| Use 2FA to enhance security. | Using GateKeeper, 2FA is done automatically and users log in faster than ever with fewer steps. |
| Use longer and harder-to-guess passwords for your router, computer, websites, and programs. | Using a longer and more difficult-to-guess password is not what people naturally tend to do, because it takes more effort to memorize and type. GateKeeper allows 50+ character passwords that can take supercomputers centuries to guess. |
| Reduce password resets. | GateKeeper allows admins to use longer and more secure passwords in place of more frequent password resets. |
| Eliminate passwords written on paper. | An insecure password written on paper for everyone to see can lead to a malicious actor finding the credentials. Avoid this by using a password manager and making passwords too long and complex to write down. |
| Avoid SMS text 2FA. | Research has proven that SMS 2FA is vulnerable to MitM attacks. Using a localized hardware token is significantly more secure. A study by Google researchers determined that no users who exclusively used security keys for 2FA fell victim to targeted phishing during the investigation. |
| Don't share passwords. | Using GateKeeper, users can securely "share" passwords with other users through a secure password manager, without the risk of interception. |
For any additional questions or concerns regarding proximity settings, computer locking, credential management, or compliance, please contact GateKeeper Enterprise support using the Support Ticket form on https://gkaccess.com/support/ or email firstname.lastname@example.org.