Here’s How Attackers Are Circumventing Microsoft’s Multi-factor Authentication, Expert Weighs In

Following the news that: 

Here’s how attackers are circumventing Microsoft’s multi-factor authentication – OnMSFT.com

Michael Tanaka, Chief Commercial Operator
Industry Leader
August 24, 2022 8:06 am

Circumventing MFA altogether can be highly effective. In this case the attacker is simply taking advantage of the confusion that normally follows any policy change. It’s perfectly timed – users are confused and they’re unaware of what is expected of them.

User confusion and expectations also enable another attack mentioned – Push Fatigue. You might wonder why a user would respond to a push notification they didn’t initiate, but they do. Sooner or later, given enough attempts, some users will simply press “ok” because they have given up understanding what’s being asked of them, they’re tired and don’t care anymore.

It’s a clear reason why we need to minimise the number of steps to authenticate. Every step introduces the chance of user failure, system failure and attack. Keep it simple, keep it one step.

Information Security Buzz