Why Lack of MFA adoption by users raises concerns over security

“It looks like you’re at risk of being hacked. Would you like to start using multi-factor authentication?”

Yes, this might be a fictional prompt from a long-abandoned Clippy, but maybe the digital assistant needs to step in—because only 28% of Microsoft users were using multi-factor authentication (MFA) as of December 2022.

In fact, according to a blog post from Microsoft’s VP of identity security, Alex Weinert, 99.9% of user accounts that are compromised don’t have MFA authorized. Hackers launch thousands of password attacks every second against Microsoft systems, targeting users who aren’t protected by MFA.

“Multi-factor authentication is one of the most basic defenses against identity attacks today,” Weinert wrote, adding that the 28% adoption rate was confounding and had the expected reaction from hackers: “With such low coverage, attackers increase their attack rate to get what they want.”

The difference in numbers is stark: Where those unprotected by MFA see thousands of attacks per second, users with the security measure experience a relatively low number, tens of thousands of attacks per month. Weinert said he recommends that Microsoft users take steps to protect themselves beyond simply enabling any multi-factor authentication and use products like Microsoft Authenticator, Windows Hello, and FIDO.

Feeling sleepy. But as IT Brew reported last year, MFA fatigue—where attackers find a password and send request after request to a user’s device in hopes they’ll finally give up and give the go-ahead—works with Authenticator as well.

“What Microsoft did was [try] to make it as simple as possible. They made it too simple,” SANS Institute Director Lance Spitzner said. “That’s what bad guys are taking advantage of.”
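The repeated-prompt pattern described above leaves a recognizable trace in sign-in logs: a burst of push prompts to one account in a short window, sometimes ending in an approval. The following detection sketch is an added example, not code from Microsoft or IT Brew; the event schema, the window, and the threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical schema:
# (ISO timestamp, user, result of the push prompt).
SAMPLE_EVENTS = [
    ("2023-02-01T09:00:05", "alice", "approved"),  # ordinary single sign-in
    ("2023-02-01T02:10:00", "bob", "denied"),
    ("2023-02-01T02:10:40", "bob", "timeout"),
    ("2023-02-01T02:11:15", "bob", "denied"),
    ("2023-02-01T02:12:00", "bob", "timeout"),
    ("2023-02-01T02:12:30", "bob", "denied"),
    ("2023-02-01T02:13:10", "bob", "approved"),    # user finally gives in
    ("2023-02-01T08:00:00", "carol", "denied"),    # spread out, not a burst
    ("2023-02-01T12:00:00", "carol", "denied"),
    ("2023-02-01T16:00:00", "carol", "denied"),
]

def detect_push_fatigue(events, window=timedelta(minutes=10), threshold=5):
    """Flag users who receive at least `threshold` push prompts within `window`.

    Severity is 'high' when an approval arrives after a run of denied or
    timed-out prompts (the account may now be compromised), else 'medium'.
    Returns {user: {"severity", "prompts", "at"}} with the worst alert per user.
    """
    recent = defaultdict(deque)  # user -> prompts still inside the window
    alerts = {}
    for ts, user, result in sorted(events):
        t = datetime.fromisoformat(ts)
        q = recent[user]
        q.append((t, result))
        while t - q[0][0] > window:  # drop prompts older than the window
            q.popleft()
        if len(q) < threshold:
            continue
        rejected = sum(1 for _, r in q if r != "approved")
        high = result == "approved" and rejected >= threshold - 1
        if user not in alerts or high:
            alerts[user] = {"severity": "high" if high else "medium",
                            "prompts": len(q), "at": ts}
    return alerts

if __name__ == "__main__":
    for user, alert in detect_push_fatigue(SAMPLE_EVENTS).items():
        print(user, alert)
```

A 'high' alert is the case to act on first: revoke the session and reset the password, since the attacker already holds the password by the time prompts are being sent.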

The future is likely to focus less on passwords and more on biometrics and codes. For now, though, MFA is the best way to ensure security for the vast majority of users: It’s easy to use, makes intuitive sense, and is set up across multiple companies and the internet.

That makes the resistance to it among more than 70% of Microsoft users so confounding—especially as the nature of MFA itself is changing, Weinert wrote.

“Old-fashioned, bolt-on multi-factor authentication was clunky, requiring copying codes from phone to computer and getting multiple prompts,” Weinert wrote. “Modern multi-factor authentication using apps, tokens, or the device itself is very low friction or even invisible to the users.”
