Should We Be Rethinking Multifactor Authentication?



  • Attacks exploiting multifactor authentication are on the rise.
  • Using MFA fatigue, attackers successfully breached Uber and Okta.
  • Security measures like authentication with biometrics and passwordless logins mitigate risk.

Power in Passwordless: Rethinking Multifactor Authentication After Increase in Attacks

It’s easy to imagine – your work email prompts a sign-in approval on your phone before you have access. It seems secure, right? One day, you get a prompt while off work and are not logged in to your email. You deny it. It comes up again and again. Each time, you’re careful to deny the request. Let’s say the notifications continue – relentlessly. In this attack, it’s common for users to become careless and accidentally give attackers an opening. The technique is called MFA fatigue or prompt bombing (Tech Target), and there’s been an influx of these attacks.

“Professionals are abuzz on one topic – the failure of multifactor authentication or MFA, as it is commonly known,” said Aaron Painter, CEO, Nametag. MFA has been a part of directives and advice in improving security for digital account access for the last few years. “Recent security breaches at a host of companies, most recently at Uber, have pointed to the rise of what’s known as MFA fatigue,” said Painter.

There are a handful of security measures available to mitigate these attacks. Consider a safety net that locks accounts with multiple attempts within a short time. This measure prevents users from experiencing fatigue. Alternatively, professionals suggest one-time passwords. This step is a higher assurance of factors. “It turns out that adding more factors of authentication to passwords isn’t the right answer. Perhaps the solution is that we need better factors,” said Painter.

Microsoft recommends passwordless solutions, which effectively defend against this and more advanced adversary-in-the-middle attacks (Bleeping Computer). Another source, TechTarget, also suggests adopting a passwordless solution. “Passwordless authentication removes passwords from the process, which can drastically reduce risk.” Other passwordless solutions use biometrics for authentication. Apple and Google’s Face ID exemplifies biometric confirmation. “Plus, passwordless authentication reduces friction and improves UX. It also increases the efficiency of IT and security operations, reducing the amount of time and effort spent handling password resets and account lockouts” (TechTarget).

“The recent Lapsis attack and other critical vulnerabilities like those of Print Nightmare have brought warnings even from the likes of the FBI regarding state-sponsored threat actors using exploits like multifactor authentication,” said Painter. Organizations of all sizes are vulnerable to these attacks, including Okta and Uber (CSO). Like most security measures, cyber attackers eventually find a way around them. Pivoting measures to the latest technology and tactics keeps your company safe and secure.


Follow us on social media for the latest updates in B2B!



gpu deployment
Applied Digital is Scaling Up Infrastructure to Handle Growing GPU Deployment Needs
May 20, 2024

During a transformative period, Applied Digital experienced a significant increase in demand for large-scale GPU deployment. This demand required a focus on power density, as the networking within data centers, particularly for InfiniBand, necessitated that servers be located close together. Each server consumed 10.2 kilowatts of power, and the optimal performance was achieved when…

Read More
power sources
Applied Digital is Revolutionizing High Performance Computing by Locating Facilities at Unique Power Sources
May 20, 2024

Applied Digital optimizes high-performance computing by leveraging unique power sources, and locating facilities at the source of power rather than in traditional cloud regions. This approach is particularly suited for AI workloads, which do not require ultra-low latency like video streaming. By targeting areas with abundant but underutilized power, known as “stranded power,” the…

Read More
Experts Talk K-12 EdTech Leadership Priorities
K-12 EdTech Leadership Needs a Bigger Seat at the Table to Overcome Cybersecurity, Staffing, Professional Development Challenges
May 20, 2024

As we navigate the evolving landscape of K-12 education, the role of technology, as well as K-12 edtech leadership has never been more pivotal. Especially in the era of K-12 education post-pandemic, how has this influx of technology solutions for everything from curriculum management, to hybrid learning, to quiz gamification, to AI-supported learning, impacted…

Read More
energy reporting
Energy Reporting for Utilities & Businesses Isn’t Just for Transparency. It’s for Energy & Cost Savings, Too.
May 20, 2024

As cities and states increasingly implement energy benchmarking, disclosure, and transparency mandates, utilities and businesses find themselves navigating a complex landscape of compliance and opportunity. The rise of building performance standards, such as New York’s Local Law 97, Boston’s Building Energy Reporting and Disclosure Ordinance (BERDO), and Denver’s Energize Denver, underscores the urgency for detailed…

Read More