Founder and CEO,
December 07, 2019
Two (2FA) and Multi Factor Authentication (MFA) can considerably reduce those risks.
As with the recent HackerOne incident, humans remain the weakest link in every organization. Microsoft’s campaign to augment account security serves as a great example to other vendors. In light of billions of valid passwords being sold on the Dark Web, password reuse attacks are super-efficient today. Worse, even the largest technology companies are often toothless to protect their customers from such attacks, as the exploitation happens in the area beyond their observation and control.
Two (2FA) and Multi Factor Authentication (MFA) can considerably reduce those risks, however, most of the users regard these as irritating inconveniences and would rather deactivate them whenever possible. Moreover, sophisticated phishing attacks enhanced with social engineering may defeat these security mechanisms. Continuous security monitoring for anomalies is a formidable weapon in detecting account compromise in a timely manner but, given that a considerable number of users are logging in from different time zones and IP addresses, it’s no silver bullet.