Multi-factor authentication (MFA) is a security control that adds an extra layer of protection to accounts by requiring more than one proof of identity before a user is allowed in. For users, this typically means presenting a username and password alongside a second factor, such as a one-time passcode, a fingerprint scan, a software token on a trusted device, or a hardware security key.
According to Microsoft, enabling MFA blocks more than 99.9% of account compromise attacks. MFA makes it much harder for attackers to reach your data, even if they steal your password through phishing or malware. Unfortunately, attackers don’t give up easily, and as MFA has become more widespread they have developed methods to bypass it.
MFA bypass is an umbrella term for the attack methods used to circumvent MFA controls. They range from social engineering, such as ‘MFA fatigue’ attacks in which an attacker who already holds the password spams the victim with push notifications until one is approved, to adversary-in-the-middle phishing proxies and malware that steal the browser session cookie issued after a successful MFA login, so the attacker never has to complete the MFA challenge at all.
MFA comes in many form factors, and some resist bypass better than others. The most secure forms support FIDO2/WebAuthn, an open standard for passwordless, phishing-resistant authentication: the credential is bound to the site’s origin, so a phishing proxy on a look-alike domain cannot relay it, and there is no push prompt to spam, which also defeats MFA fatigue. Hardware FIDO keys add tamper-resistant storage for the private key. Push-based authenticators can be hardened separately with ‘number matching’, which requires the user to type a number shown on the login screen into the app and so stops blind approvals. In this article, we’ll outline the top five solutions to prevent MFA bypass. We’ll consider key features, pricing, and our recommendations for which organizations are the best fit for each technology.
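To make the origin-binding point concrete, here is an added example, written for this article and not code from any vendor or from the FIDO project, that simulates a phishing proxy relaying a login to a relying party. The relying party, origins, challenge and secrets are all constructed for the demonstration; the passkey signature is stood in for by an HMAC over a shared secret so the code runs with only the Python standard library, whereas a real authenticator signs with an asymmetric private key and the server holds only the public key. The TOTP code follows RFC 6238 and uses its published test seed.

```python
import hashlib
import hmac
import json
import struct

# --- Relying party (RP) state, constructed for this example ----------------------
RP_ID = "example.com"                 # WebAuthn rpId the passkey was registered for
RP_ORIGIN = "https://example.com"     # the only origin the RP will accept
# Stand-in for the passkey's private key. Real authenticators sign with an
# asymmetric key and the RP keeps the public key; an HMAC over a shared secret
# keeps this example standard-library only. The origin check is identical.
PASSKEY_SECRET = b"passkey-secret-for-demo-only"
TOTP_SECRET = b"12345678901234567890"  # RFC 6238 test-vector seed


def make_assertion(origin, rp_id, challenge, key=PASSKEY_SECRET):
    """Simulate browser + authenticator producing a WebAuthn assertion.

    The browser writes the origin the page was really loaded from into
    clientDataJSON; page JavaScript cannot change it. The authenticator then
    signs authenticatorData (rpIdHash || flags) || SHA-256(clientDataJSON).
    """
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": challenge, "origin": origin},
        sort_keys=True, separators=(",", ":"),
    ).encode()
    auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x01"  # rpIdHash || UP flag
    to_sign = auth_data + hashlib.sha256(client_data).digest()
    signature = hmac.new(key, to_sign, hashlib.sha256).digest()
    return {"client_data": client_data, "auth_data": auth_data, "signature": signature}


def rp_verify_assertion(assertion, expected_challenge):
    """Checks an RP performs before accepting a passkey login (WebAuthn 7.2, simplified).

    Returns (accepted, reason). The origin and rpIdHash checks run before the
    signature is examined: a relayed assertion fails here even if it is genuine.
    """
    cd = json.loads(assertion["client_data"])
    if cd.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    if cd.get("challenge") != expected_challenge:
        return False, "challenge mismatch (replay)"
    if cd.get("origin") != RP_ORIGIN:
        return False, f"origin mismatch: {cd.get('origin')!r}"
    if assertion["auth_data"][:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False, "rpIdHash mismatch"
    to_sign = assertion["auth_data"] + hashlib.sha256(assertion["client_data"]).digest()
    expected = hmac.new(PASSKEY_SECRET, to_sign, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, assertion["signature"]):
        return False, "bad signature"
    return True, "ok"


def totp(secret, unix_time, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1): the code a user reads off an authenticator app."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def rp_verify_totp(code, unix_time):
    """The RP only sees six digits; nothing in them says which site the user typed them into."""
    return hmac.compare_digest(code, totp(TOTP_SECRET, unix_time))


def phishing_relay_demo():
    """Adversary-in-the-middle proxy at https://examp1e.com relays a login to example.com."""
    challenge = "c29tZS1yYW5kb20tY2hhbGxlbmdl"  # constructed; issued by the RP, forwarded by the proxy
    phish_origin = "https://examp1e.com"
    # TOTP: the victim types the current code into the proxy, the proxy forwards it. Accepted.
    now = 1111111109  # RFC 6238 test time
    totp_accepted = rp_verify_totp(totp(TOTP_SECRET, now), now)
    # Passkey: the victim's browser is on examp1e.com, so that origin lands in clientDataJSON.
    # (A real browser refuses earlier still: "example.com" is not a registrable suffix of
    # examp1e.com, so no credential is offered. Even if that were skipped, the RP rejects.)
    relayed = make_assertion(phish_origin, RP_ID, challenge)
    passkey_accepted, reason = rp_verify_assertion(relayed, challenge)
    # Legitimate login from the real origin, for contrast.
    genuine_ok, _ = rp_verify_assertion(make_assertion(RP_ORIGIN, RP_ID, challenge), challenge)
    return {"totp_relay_accepted": totp_accepted,
            "passkey_relay_accepted": passkey_accepted,
            "passkey_relay_reason": reason,
            "genuine_passkey_accepted": genuine_ok}


if __name__ == "__main__":
    print(phishing_relay_demo())
```

Run it and the relayed TOTP is accepted while the relayed passkey assertion is rejected on the origin check before the signature is even looked at. The browser-side rpId rule is the first line of defence; the server-side origin and rpIdHash checks are the backstop, and an RP that skips them throws the phishing resistance away.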
Why Should You Use MFA?
Improve account security. It is as simple as that. With MFA, at least two independent proofs of identity are required, which sharply reduces the chance of an attacker taking over the account. Without MFA, an attacker who obtains your password has everything needed to log in. If the account also requires a second factor, such as a biometric unlock on a registered device, the stolen password alone is not enough.
Not all authentication factors are created equal. Some are harder for attackers to bypass, and some are more practical in particular workplaces.
What Are Authentication Factors?
There are three common categories of authentication factor used in MFA: something you know (knowledge), something you have (possession), and something you are (biometric, also called inherence).
Knowledge Factors – these include passwords, PINs and security questions. They are cheap to deploy but are the weakest factor: passwords are shared, reused, phished, guessed through credential stuffing, or cracked from leaked hashes. You should use a long, unique password for each of your online accounts.
Possession Factors – these are things you own, most commonly a smartphone or hardware token linked to the account. Depending on the product, the device generates a one-time code, receives a push notification asking you to approve the sign-in, or holds a FIDO credential. Possession factors are strong and low-friction, but not all are equal: push prompts without number matching are exactly what MFA fatigue attacks exploit, and one-time codes can be relayed by a phishing page, whereas a FIDO key cannot.
Biometric Factors – facial recognition (Face ID) or fingerprint (Touch ID) are among the most secure factors in everyday use, and because most smartphones have the sensor built in, adoption has grown rapidly. In practice the biometric usually unlocks a credential stored on the device rather than being sent to the service, so its strength is tied to the device and the credential it protects; that combination is very hard to bypass remotely.
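The MFA fatigue attack mentioned earlier leaves a distinctive trace in push-notification logs: a burst of prompts the user denies or ignores, sometimes followed by an approval. Below is an added detection example written for this article, not code from the page or from any identity product; the log format, user names, addresses and thresholds are all invented for it, so adapt the regular expression to your provider's export. Events are assumed to arrive in time order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed sample of push-MFA events. The format is invented for this example
# and is not any vendor's log schema.
SAMPLE_LOG = """\
2024-03-04T02:11:03Z user=alice result=denied   factor=push src=203.0.113.7
2024-03-04T02:11:41Z user=alice result=timeout  factor=push src=203.0.113.7
2024-03-04T02:12:20Z user=alice result=denied   factor=push src=203.0.113.7
2024-03-04T02:13:05Z user=alice result=timeout  factor=push src=203.0.113.7
2024-03-04T02:14:48Z user=alice result=denied   factor=push src=203.0.113.7
2024-03-04T02:16:30Z user=alice result=approved factor=push src=203.0.113.7
2024-03-04T09:00:00Z user=bob   result=denied   factor=push src=198.51.100.2
2024-03-04T09:00:30Z user=bob   result=approved factor=push src=198.51.100.2
2024-03-04T10:00:00Z user=carol result=timeout  factor=push src=192.0.2.9
2024-03-04T11:30:00Z user=carol result=timeout  factor=push src=192.0.2.9
2024-03-04T13:00:00Z user=carol result=timeout  factor=push src=192.0.2.9
2024-03-04T14:30:00Z user=carol result=timeout  factor=push src=192.0.2.9
2024-03-04T16:00:00Z user=carol result=timeout  factor=push src=192.0.2.9
"""

LINE_RE = re.compile(r"^(\S+)\s+user=(\S+)\s+result=(\S+)\s+factor=(\S+)\s+src=(\S+)")
UNACKNOWLEDGED = {"denied", "timeout"}   # prompts the user did not approve


def parse_line(line):
    """Parse one constructed log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, user, result, factor, src = m.groups()
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
            "user": user, "result": result, "factor": factor, "src": src}


def detect_push_fatigue(log_text, threshold=4, window=timedelta(minutes=10)):
    """Flag users who accumulate `threshold` unapproved push prompts inside `window`.

    One alert is raised per burst and kept up to date as the burst grows. An
    approval arriving while the burst is still inside the window sets
    approved_after_burst, the highest-priority case: the user may have tapped
    "Approve" just to make the prompts stop, i.e. the attack succeeded.
    """
    recent = defaultdict(deque)   # user -> timestamps of unapproved prompts within window
    open_alert = {}               # user -> alert dict for the burst currently in progress
    alerts = []
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None or ev["factor"] != "push":
            continue
        user, ts = ev["user"], ev["ts"]
        q = recent[user]
        while q and ts - q[0] > window:   # drop prompts that fell out of the window
            q.popleft()
        if ev["result"] in UNACKNOWLEDGED:
            q.append(ts)
            if user in open_alert:
                open_alert[user]["prompts"] = len(q)
                open_alert[user]["last"] = ts
            elif len(q) >= threshold:
                alert = {"user": user, "src": ev["src"], "prompts": len(q),
                         "first": q[0], "last": ts, "approved_after_burst": False}
                open_alert[user] = alert
                alerts.append(alert)
        elif ev["result"] == "approved":
            if user in open_alert and ts - open_alert[user]["last"] <= window:
                open_alert[user]["approved_after_burst"] = True
            q.clear()                      # an approval closes the burst
            open_alert.pop(user, None)
    return alerts


if __name__ == "__main__":
    for a in detect_push_fatigue(SAMPLE_LOG):
        print(a)
```

In the sample, alice's five unapproved prompts in under four minutes raise an alert, and the approval two minutes later marks it as a likely successful bypass; bob's single denial and carol's timeouts spread over hours stay below the threshold. Tune `threshold` and `window` against your own baseline, and treat an alert with `approved_after_burst` set as an incident, not a notification.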