by John W. Simek, Vice President of Sensei Enterprises, Inc.

MFA is NOT Bulletproof

April 20, 2023

Every user should have multi-factor authentication (MFA) enabled for each account. MFA is the second item, beyond your password, that is needed to authorize a logon to your account. It could be a text message, a code from an authentication app, a push notification, some form of biometric or a physical token. The second factor helps protect your account should your password be compromised. However, having MFA enabled doesn’t guarantee you’ll keep out unauthorized people. There are ways to get around that second factor.

Dark Reading posted information about two common MFA attacks and how to help secure your account. SMS text messaging is the weakest of the MFA implementations and can be easily intercepted to compromise your account. Push notifications are more secure, but can be bypassed through push fatigue: someone who already has your password triggers prompt after prompt until you approve one. In other words, don’t ever accept a push notification if you weren’t the one to initiate it. Unfortunately, some users give up and authorize the connection just to stop being annoyed. Some MFA solutions are better than others, and the attacks are getting more sophisticated.
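The push-fatigue pattern described above is visible on the defender's side as a burst of push prompts for one user, often ending in an approval. The following is an added example, not code from the original post or from Dark Reading: it parses constructed MFA log lines (the `user=`/`event=`/`src=` format and the event names `push_sent`, `push_denied`, `push_approved` are assumptions, not any vendor's real log format) and flags two things, an approval that follows a burst of prompts, and a burst of prompts that was never approved, which still means someone other than the user holds the password.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines; the format and event names are assumptions
# for this example, not any real MFA product's output.
SAMPLE_LOG = """\
2023-04-20T08:01:10Z user=alice event=push_sent src=203.0.113.5
2023-04-20T08:01:25Z user=alice event=push_denied src=203.0.113.5
2023-04-20T08:01:40Z user=alice event=push_sent src=203.0.113.5
2023-04-20T08:01:55Z user=alice event=push_denied src=203.0.113.5
2023-04-20T08:02:10Z user=alice event=push_sent src=203.0.113.5
2023-04-20T08:02:30Z user=alice event=push_sent src=203.0.113.5
2023-04-20T08:02:50Z user=alice event=push_approved src=203.0.113.5
2023-04-20T08:05:00Z user=bob event=push_sent src=198.51.100.7
2023-04-20T08:05:12Z user=bob event=push_approved src=198.51.100.7
2023-04-20T08:10:00Z user=carol event=push_sent src=192.0.2.9
2023-04-20T08:10:15Z user=carol event=push_denied src=192.0.2.9
2023-04-20T08:10:30Z user=carol event=push_sent src=192.0.2.9
2023-04-20T08:10:45Z user=carol event=push_denied src=192.0.2.9
2023-04-20T08:11:00Z user=carol event=push_sent src=192.0.2.9
"""

PROMPT_THRESHOLD = 3          # this many prompts inside one window is suspicious
WINDOW = timedelta(minutes=5)  # sliding window length (tuning assumption)


def parse_line(line):
    """Turn one 'timestamp key=value ...' line into a dict with a datetime 'ts'."""
    ts_str, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")
    return rec


def detect_push_fatigue(log_text, threshold=PROMPT_THRESHOLD, window=WINDOW):
    """Return one alert per user showing a push-fatigue pattern.

    kind == "approval_after_burst": an approval arrived within `window` of at
        least `threshold` prompts (the classic fatigue compromise).
    kind == "prompt_burst": at least `threshold` prompts in one window with no
        approval; the password is still likely in someone else's hands.
    """
    events = sorted(
        (parse_line(l) for l in log_text.splitlines() if l.strip()),
        key=lambda e: e["ts"],
    )
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)

    alerts = []
    for user, evs in by_user.items():
        prompts = [e["ts"] for e in evs if e["event"] == "push_sent"]

        def in_window(end):
            return [t for t in prompts if end - window <= t <= end]

        # Strongest signal: an approval that follows a burst of prompts.
        approved = [e for e in evs
                    if e["event"] == "push_approved"
                    and len(in_window(e["ts"])) >= threshold]
        if approved:
            e = approved[0]
            denials = sum(1 for d in evs
                          if d["event"] == "push_denied"
                          and e["ts"] - window <= d["ts"] <= e["ts"])
            alerts.append({
                "user": user,
                "kind": "approval_after_burst",
                "at": e["ts"].isoformat(),
                "prompts_in_window": len(in_window(e["ts"])),
                "prior_denials": denials,
                "src": e["src"],
            })
            continue

        # Weaker signal: a burst of prompts that nobody approved.
        for t in prompts:
            if len(in_window(t)) >= threshold:
                alerts.append({
                    "user": user,
                    "kind": "prompt_burst",
                    "at": t.isoformat(),
                    "prompts_in_window": len(in_window(t)),
                })
                break
    return alerts


if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_LOG):
        print(alert)
```

On the constructed input, alice produces an `approval_after_burst` alert (four prompts and two denials in the five minutes before her approval), carol a `prompt_burst` alert, and bob, who answered a single prompt he initiated, nothing. The threshold and window are tuning knobs; the point is that a burst of prompts is worth a call to the user regardless of whether one was eventually approved.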

Even though there are techniques to get around some forms of MFA, you should be using some sort of MFA to protect your account. Having MFA is a heck of a lot better than not having it.

