Shielding yourself from Man-in-the-Middle attacks: new tools and best practices

Hackers are utilising new tricks for stealing your login credentials. Known as Man-in-the-Middle (MitM) attacks, they insert themselves between you and a website to intercept your data. So, in the face of this rising threat, we examine some of the leading ways to help mitigate the risk of falling victim.

Passkeys: the new defence champion

Passkeys are revolutionising login security. Unlike passwords, they can’t be phished and offer strong MitM protection. Using your device (phone, PC, or hardware key), a unique passkey is created for each website. This passkey consists of public and private encryption keys – the private key remains secure on your device, while the public key goes to the website.

During login, the website prompts your device for permission to authenticate via the passkey. Simply confirm with a PIN or biometrics, and you’re in! Key players like Google, Microsoft, and Apple already support passkeys, making them a great choice for protecting high-risk accounts.

Boost your two-factor authentication (2FA)

While passkeys take centre stage, 2FA remains crucial. Traditional 2FA codes (SMS or app-generated) can still be stolen, but hardware keys offer stronger protection. These keys make use of protocols like FIDO2, similar to passkeys, and verify the login request comes from the trusted website.

Phishing prevention: vigilance is key

The best defence is a good offense – avoid phishing links altogether. Phishing emails, malicious ads, and cleverly disguised URLs can trick you into entering your credentials on a fake website. Here’s how to stay vigilant:

Double-check: Unsolicited login requests? Open a new tab and navigate directly to the website.
Pay attention to URLs: Don’t rush! Check the website address carefully before logging in or submitting information.
Ad-blockers: Hide sponsored results to avoid clicking on disguised phishing links.
Public Wi-Fi? Protect Your Traffic: Use a VPN to encrypt your data and prevent manipulation by third parties.

Software solutions lend a hand

Security software plays a vital role. Antivirus programs, including independent security suites or built-in tools like Windows Security, can block known malicious URLs and protect you while browsing and downloading emails. Modern browsers also offer built-in security features, and browser extensions from major antivirus vendors can warn you about unsafe websites and search results.

By implementing these strategies, you can significantly strengthen your login security and stay ahead of evolving MitM attacks. Remember, a combination of vigilance, strong authentication methods, and security software is your best defence against online threats.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Shielding yourself from Man-in-the-Middle attacks: new tools and best practices

Categories

Horsham Office: 01293 871971 | London Office: 0203 763 3919 | IT Support: 01293 876000