2 posts tagged with "mfa"

Following from the prior post discussing MFA use cases and bypasses, this post expands on the prior article and adds further ideas on protecting your users' identities.

Ever since Multi Factor Authentication (MFA) started gaining popularity as a means to limit the usefulness of stolen credentials, it was only a matter of time before attackers adapted to the new reality (as demanded by the Red Queen Effect).

In this article I look at common MFA methods that are not phishing resistant, as well as a recent attack that bypasses MFA.

Check the follow-up post for a different take on bypassing MFA and the resulting implications.