Security Weaknesses of Conventional 2 Factor
While conventional 2-factor authentication solutions slightly improve security, they remain vulnerable to a number of cyber attacks. NIST's recent Draft on Digital Identity Guidelines makes strong recommendations against SMS-based 2-factor solutions, highlighting their associated security concerns. SMS-based 2-factor solutions are especially vulnerable to mobile banking malware (e.g. Spy.Agent, Acecard, and GM Bot) and complex attacks that steal OTPs.
Two-factor authentication, in general, does not stop man-in-the-middle, social engineering and phishing attacks. In fact, as long as the user is manually entering credentials, the authentication process is open to a variety of attacks.