CALL US 647-847-4660

Uzado's Blog

Everything you need to know about cybersecurity tools, news, and standards


Can Multi-factor Authentication Be Hacked?

blog-mfa-how-it-worksLast month, the FBI sent out a security advisory to its industry partners warning about attacks that can sometimes pass multi-factor authentication solutions (MFA).  Their warning specifically focused on SIM swapping, vulnerabilities in online pages handling MFA operations, and the use of transparent proxies like Muraen and NecroBrowser.

The FBI provided a number of examples in their bulletin, which you can find on Zdnet.  While it is alarming to think that there are hackers out there capable of bypassing MFA, MFA is still considered more effective than not having it. The FBI made it very clear that its alert should be taken only as a precaution, and not an attack on the efficiency of MFA, which the agency still recommends. As quoted in their bulletin: "Multi-factor authentication continues to be a strong and effective security measure to protect online accounts, as long as users take precautions to ensure they do not fall victim to these attacks," the FBI said.  According to MicrosoftMFA helped users block 99.9% of all account hacks.

How can users, as the FBI suggests, protect their online accounts?  Phishing and social engineering tricks are the most common ways to either intercept SMS messages or get the user to give up their username and passwords.  There are also stronger forms of MFA out there; a list of the different types showing their effectiveness can be found here.  Remember that MFA is better than just a password alone, but you must always remain vigilant as nothing is “unhackable.”

Contact Us About Phishing Awareness Training

SHARE THIS STORY | |

Search

Recent Posts

Subscribe to Email Updates