Tuesday, May 21, 2024

Tech News, analysis, updates, comments, reviews

Why Lack of MFA adoption by users raises concerns over security

This is a case study of Microsoft's users adoption of MFA. Only 28% of Microsoft users have MFA—as thousands of attacks every second target unprotected accounts.

“It looks like you’re at risk of being hacked. Would you like to start using multi-factor authentication?”

Yes, this might be a fictional prompt from a long-abandoned Clippy, but maybe the digital assistant needs to step in—because only 28% of Microsoft users were using multi-factor authentication (MFA) as of December 2022.

In fact, according to a blog post from Microsoft’s VP of identity security, Alex Weinert, 99.9% of user accounts that are compromised don’t have MFA authorized. Hackers launch thousands of password attacks every second against Microsoft systems, targeting users who aren’t protected by MFA.

“Multi-factor authentication is one of the most basic defenses against identity attacks today,” Weinert wrote, adding that the 28% adoption rate was confounding and had the expected reaction from hackers: “With such low coverage, attackers increase their attack rate to get what they want.”

The difference in numbers is stark: Where those unprotected by MFA see thousands of attacks per second, users with the security measure experience a relatively low amount of tens of thousands of attacks per month. Weinert said he recommends Microsoft users take steps to protect themselves beyond simply any multi-factor authentication and use products like Microsoft Authenticator, Windows Hello, and FIDO.

Feeling sleepy. But as IT Brew reported last year, MFA fatigue—where attackers find a password and send request after request to a user’s device in hopes they’ll finally give up and give the go-ahead—works with Authenticator as well.

“What Microsoft did was [try] to make it as simple as possible. They made it too simple,” SANS Institute Director Lance Spitzner said. “That’s what bad guys are taking advantage of.”

The future is likely to focus less on passwords and more on biometrics and codes. For now, though, MFA is the best way to ensure security for the vast majority of users: It’s easy to use, makes intuitive sense, and is set up across multiple companies and the internet.

That makes the resistance to using it from more than 70% of Microsoft users so confounding—especially as the nature of MFA itself is changing, Weinert wrote.

“Old-fashioned, bolt-on multi-factor authentication was clunky, requiring copying codes from phone to computer and getting multiple prompts,” Weinert wrote. “Modern multi-factor authentication using apps, tokens, or the device itself is very low friction or even invisible to the users.”

1 COMMENT

  1. Normally I do not read article on blogs however I would like to say that this writeup very forced me to try and do so Your writing style has been amazed me Thanks quite great post

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Get notified whenever we post something new!

spot_img

Migrate to the cloud

Make yourself future-proof by migrating your infrastructure and services to the cloud. Become resilient, efficient and distributed.

Continue reading

Google I/O 2024 Unveils the Future?

Google I/O 2024 was an impressive showcase of how Google continues to push the envelope with artificial intelligence. This year's event introduced significant advancements across multiple services and platforms, demonstrating Google's commitment to an AI-first future. Below, I try...

On-Premises vs. Cloud Security

As usual, we begin by championing cybersecurity. It stands as the foremost concern for organizations striving to safeguard their sensitive data and digital assets. Among the many strategies available, two dominant paradigms have emerged: on-premises security and cloud security....

Regulation Insights from Starlink’s in Zimbabwe

In recent times, the journey of Starlink, Elon Musk's ambitious satellite internet venture under SpaceX, has been marked by regulatory challenges, particularly in Zimbabwe. Meanwhile the Posts and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ) issued a directive instructing Starlink...

Enjoy exclusive discounts

Use the promo code SDBR002 to get amazing discounts to our software development services.