Should We Be Rethinking Multifactor Authentication?

AP
Aaron Painter
Oct 3, 2022
Learn more

KEY POINTS:

KEY POINTS:

  • Attacks exploiting multifactor authentication are on the rise.
  • Using MFA fatigue, attackers successfully breached Uber and Okta.
  • Security measures like authentication with biometrics and passwordless logins mitigate risk.

Power in Passwordless: Rethinking Multifactor Authentication After Increase in Attacks

It’s easy to imagine – your work email prompts a sign-in approval on your phone before you have access. It seems secure, right? One day, you get a prompt while off work and are not logged in to your email. You deny it. It comes up again and again. Each time, you’re careful to deny the request. Let’s say the notifications continue – relentlessly. In this attack, it’s common for users to become careless and accidentally give attackers an opening. The technique is called MFA fatigue or prompt bombing (Tech Target), and there’s been an influx of these attacks.

“Professionals are abuzz on one topic – the failure of multifactor authentication or MFA, as it is commonly known,” said Aaron Painter, CEO, Nametag. MFA has been a part of directives and advice in improving security for digital account access for the last few years. “Recent security breaches at a host of companies, most recently at Uber, have pointed to the rise of what’s known as MFA fatigue,” said Painter.

There are a handful of security measures available to mitigate these attacks. Consider a safety net that locks accounts with multiple attempts within a short time. This measure prevents users from experiencing fatigue. Alternatively, professionals suggest one-time passwords. This step is a higher assurance of factors. “It turns out that adding more factors of authentication to passwords isn’t the right answer. Perhaps the solution is that we need better factors,” said Painter.

Microsoft recommends passwordless solutions, which effectively defend against this and more advanced adversary-in-the-middle attacks (Bleeping Computer). Another source, TechTarget, also suggests adopting a passwordless solution. “Passwordless authentication removes passwords from the process, which can drastically reduce risk.” Other passwordless solutions use biometrics for authentication. Apple and Google’s Face ID exemplifies biometric confirmation. “Plus, passwordless authentication reduces friction and improves UX. It also increases the efficiency of IT and security operations, reducing the amount of time and effort spent handling password resets and account lockouts” (TechTarget).

“The recent Lapsis attack and other critical vulnerabilities like those of Print Nightmare have brought warnings even from the likes of the FBI regarding state-sponsored threat actors using exploits like multifactor authentication,” said Painter. Organizations of all sizes are vulnerable to these attacks, including Okta and Uber (CSO). Like most security measures, cyber attackers eventually find a way around them. Pivoting measures to the latest technology and tactics keeps your company safe and secure.

 

Follow us on social media for the latest updates in B2B!

Image

Latest

RED
The Framework Series Advantage: The RED Marketing Edge Every Brand Needs
February 4, 2025

Marketing is evolving fast, and brands must adapt or risk being left behind. RED Marketing highlights the critical need for messaging that is relevant, easy to engage with, and distinct. These three factors set successful brands apart. A 2023 McKinsey study found that companies leading in customer experience achieved more than double the revenue growth…

Read More
conversational capacity
The Framework Series Advantage: Strengthening Teams with Conversational Capacity
February 4, 2025

Effective team communication is important in today’s fast-paced business environment. In his book Conversational Capacity: The Secret to Building Successful Teams That Perform When the Pressure Is On, Craig Weber highlights the importance of balancing candor and curiosity in discussions. This approach helps teams navigate complex challenges, leading to stronger decision-making and improved organizational…

Read More
Marketing
A DisruptED Series of Conversations with Marketing Thought Leader Ivonne Kinser, Author of THINK (Ep. 3)
February 4, 2025

In an era where marketing is constantly reinventing itself, staying ahead of the curve requires more than just keeping up with the latest technology—it demands a new way of thinking. With over 14,000 marketing tools available today, the landscape is more complex than ever. As AI accelerates change and traditional tactics lose their impact,…

Read More
DisruptED in the D with Chris Dargin Part 2
February 4, 2025

As the tech industry continues to reshape the globe and offer up unprecedented opportunities for innovation, entrepreneurship, and workforce disruption, it has also allowed some big towns the ability to see benefits. With Detroit rebuilding itself from economic downturns and industrial decline, the city is seeing a rise in tech-driven initiatives aimed at fostering…

Read More
Related
Software & Technology
DisruptED in the D with Chris Dargin Part 2
February 4, 2025
Healthcare
DisruptED in the D with Chris Dargin Part 1
February 4, 2025

The tech industry continues to be a dynamic sector that sees constant evolution and growth. It also offers a variety of career opportunities. However, the traditional path of obtaining a four-year degree is no longer the only way to break into tech. With the rise of bootcamps, certifications, and other unconventional career journeys, many…

Read More
Healthcare
More Intel on Quantum Computing with Sean Brehm at Spectral Capital
February 4, 2025

Quantum computing is gearing up to revolutionize industries in a multitude of ways. With AI accelerating rapidly, quantum computing is also having its impactful moment, and even on its way to alter cybersecurity, finance, and data processing. And there’s a reason for the rise. Cybercrime alone is a $10 trillion industry that is exposing…

Read More