Here’s How Attackers Are Circumventing Microsoft’s Multi-factor Authentication, Expert Weighs In

By   ISBuzz Team
Writer , Information Security Buzz | Aug 24, 2022 12:05 am PST

Following the news that: 

Here’s how attackers are circumventing Microsoft’s multi-factor authentication

Here’s how attackers are circumventing Microsoft’s multi-factor authentication –

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Michael Tanaka
Michael Tanaka , Chief Commercial Operator
August 24, 2022 8:06 am

Circumventing MFA altogether can be highly effective. In this case the attacker is simply taking advantage of the confusion that normally follows any policy change. It’s perfectly timed – users are confused and they’re unaware of what is expected of them.

User confusion and expectations also enable another attack mentioned – Push Fatigue. You might wonder why a user would respond to a push notification they didn’t initiate, but they do. Sooner or later, given enough attempts some users will simply press “ok” because they have given up understanding what’s being asked of them, they’re tired and don’t care any-more.

It’s a clear reason why we need to minimise the number of steps to authenticate. Every step introduces the chance of user failure, system failure and attack. Keep it simple, keep it one step.

Last edited 1 year ago by Michael Tanaka

Recent Posts

Would love your thoughts, please comment.x