Monday, April 15, 2024

Tech News, analysis, updates, comments, reviews

Why Lack of MFA adoption by users raises concerns over security

This is a case study of Microsoft's users adoption of MFA. Only 28% of Microsoft users have MFA—as thousands of attacks every second target unprotected accounts.

“It looks like you’re at risk of being hacked. Would you like to start using multi-factor authentication?”

Yes, this might be a fictional prompt from a long-abandoned Clippy, but maybe the digital assistant needs to step in—because only 28% of Microsoft users were using multi-factor authentication (MFA) as of December 2022.

In fact, according to a blog post from Microsoft’s VP of identity security, Alex Weinert, 99.9% of user accounts that are compromised don’t have MFA authorized. Hackers launch thousands of password attacks every second against Microsoft systems, targeting users who aren’t protected by MFA.

“Multi-factor authentication is one of the most basic defenses against identity attacks today,” Weinert wrote, adding that the 28% adoption rate was confounding and had the expected reaction from hackers: “With such low coverage, attackers increase their attack rate to get what they want.”

The difference in numbers is stark: Where those unprotected by MFA see thousands of attacks per second, users with the security measure experience a relatively low amount of tens of thousands of attacks per month. Weinert said he recommends Microsoft users take steps to protect themselves beyond simply any multi-factor authentication and use products like Microsoft Authenticator, Windows Hello, and FIDO.

Feeling sleepy. But as IT Brew reported last year, MFA fatigue—where attackers find a password and send request after request to a user’s device in hopes they’ll finally give up and give the go-ahead—works with Authenticator as well.

“What Microsoft did was [try] to make it as simple as possible. They made it too simple,” SANS Institute Director Lance Spitzner said. “That’s what bad guys are taking advantage of.”

The future is likely to focus less on passwords and more on biometrics and codes. For now, though, MFA is the best way to ensure security for the vast majority of users: It’s easy to use, makes intuitive sense, and is set up across multiple companies and the internet.

That makes the resistance to using it from more than 70% of Microsoft users so confounding—especially as the nature of MFA itself is changing, Weinert wrote.

“Old-fashioned, bolt-on multi-factor authentication was clunky, requiring copying codes from phone to computer and getting multiple prompts,” Weinert wrote. “Modern multi-factor authentication using apps, tokens, or the device itself is very low friction or even invisible to the users.”


  1. Normally I do not read article on blogs however I would like to say that this writeup very forced me to try and do so Your writing style has been amazed me Thanks quite great post


Please enter your comment!
Please enter your name here

Get notified whenever we post something new!


Migrate to the cloud

Make yourself future-proof by migrating your infrastructure and services to the cloud. Become resilient, efficient and distributed.

Continue reading

A Rant: Stripping Privacy in This Era

The world has a privacy problem. Everything connected to the Internet (which is almost everything today), is for the taking. Looking around an average person's daily routine, it exposes the enlarging attack surface with each device we purchase, each...

Unveiling the Future: AI Breakthroughs and Their Impact

Welcome to the era where science fiction meets reality – the world of Artificial Intelligence (AI). In this exploration, we embark on a journey through recent AI breakthroughs, uncovering the marvels of advanced image recognition and natural language understanding....

 Navigating the Ethical Landscape of Artificial Intelligence

Introduction Welcome to a critical exploration of the brave new world of Artificial Intelligence (AI), where innovation and ethics intertwine. In this thought-provoking piece, we delve deep into the ethical considerations surrounding AI technologies. From the responsible use of AI...

Enjoy exclusive discounts

Use the promo code SDBR002 to get amazing discounts to our software development services.