Sunday, December 22, 2024

Tech News, analysis, updates, comments, reviews

Why Lack of MFA adoption by users raises concerns over security

This is a case study of Microsoft users' adoption of MFA. Only 28% of Microsoft users have MFA, while thousands of attacks every second target unprotected accounts.

“It looks like you’re at risk of being hacked. Would you like to start using multi-factor authentication?”

Yes, this might be a fictional prompt from a long-abandoned Clippy, but maybe the digital assistant needs to step in—because only 28% of Microsoft users were using multi-factor authentication (MFA) as of December 2022.

In fact, according to a blog post from Microsoft’s VP of identity security, Alex Weinert, 99.9% of user accounts that are compromised don’t have MFA authorized. Hackers launch thousands of password attacks every second against Microsoft systems, targeting users who aren’t protected by MFA.

“Multi-factor authentication is one of the most basic defenses against identity attacks today,” Weinert wrote, adding that the 28% adoption rate was confounding and had the expected reaction from hackers: “With such low coverage, attackers increase their attack rate to get what they want.”

The difference in numbers is stark: where those unprotected by MFA see thousands of attacks per second, users with the security measure experience a relatively low number, tens of thousands of attacks per month. Weinert said he recommends that Microsoft users go beyond simply enabling any multi-factor authentication and use products like Microsoft Authenticator, Windows Hello, and FIDO.

Feeling sleepy

But as IT Brew reported last year, MFA fatigue—where attackers find a password and send request after request to a user’s device in hopes they’ll finally give up and give the go-ahead—works with Authenticator as well.

“What Microsoft did was [try] to make it as simple as possible. They made it too simple,” SANS Institute Director Lance Spitzner said. “That’s what bad guys are taking advantage of.”

The future is likely to focus less on passwords and more on biometrics and codes. For now, though, MFA is the best way to ensure security for the vast majority of users: It’s easy to use, makes intuitive sense, and is set up across multiple companies and the internet.

That makes the resistance to using it from more than 70% of Microsoft users so confounding—especially as the nature of MFA itself is changing, Weinert wrote.

“Old-fashioned, bolt-on multi-factor authentication was clunky, requiring copying codes from phone to computer and getting multiple prompts,” Weinert wrote. “Modern multi-factor authentication using apps, tokens, or the device itself is very low friction or even invisible to the users.”

1 COMMENT

  1. Normally I do not read articles on blogs; however, I would like to say that this write-up very much forced me to try and do so. Your writing style has amazed me. Thanks, quite a great post.
