Multi-Factor Authentication

Written by David MacCallum

18th March 2020

Microsoft revealed that 1.2 million Microsoft accounts were compromised by malicious attackers in January 2020. They also said that over 99.9% of these users did not have multi-factor authentication enabled, which could have prevented the majority of the attacks. Approximately 80% of the compromised accounts were compromised through either Password Spray or Credential Stuffing attacks.

In a Password Spray Attack, the attackers try commonly used passwords against a large number of accounts. Microsoft has observed a 1% success rate on average.

In a Credential Stuffing Attack, the attackers take known username and password combinations from leaks on 3rd party sites. These credentials are then tried elsewhere and succeed when the same credentials have been reused between sites.

Both types of attacks primarily attempt authentication over protocols that use basic auth, such as SMTP, IMAP and POP, as there are a lot of existing hacking tools built to exploit them.
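The pattern described above can be looked for in sign-in logs. The following is an added example, not code from the original article: it flags sources whose basic-auth attempts are spread thinly across many accounts, the shape shared by password spray and credential stuffing. The event format, the function name `find_spray_sources`, the thresholds and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Protocols the article names as basic-auth targets.
LEGACY_PROTOCOLS = {"SMTP", "IMAP", "POP"}

# Constructed sample sign-in events: (source_ip, username, protocol, success).
SAMPLE_EVENTS = (
    # One source, 12 accounts, one attempt each, one success: spray-like.
    [("203.0.113.7", f"user{i}@example.com", "IMAP", i == 4) for i in range(12)]
    # One source, one account, repeated failures: a stale client, not a spray.
    + [("198.51.100.20", "alice@example.com", "POP", False)] * 6
    # Modern auth sign-in: out of scope for this check.
    + [("192.0.2.55", "bob@example.com", "OAUTH", True)]
)


def find_spray_sources(events, min_accounts=10, max_attempts_per_account=2):
    """Return {source_ip: summary} for sources that hit many accounts a few times each.

    The thresholds are assumed starting points and need tuning per environment.
    """
    attempts = defaultdict(lambda: defaultdict(int))  # ip -> user -> attempt count
    hits = defaultdict(set)                           # ip -> users with a success
    for ip, user, protocol, success in events:
        if protocol.upper() not in LEGACY_PROTOCOLS:
            continue
        attempts[ip][user] += 1
        if success:
            hits[ip].add(user)

    flagged = {}
    for ip, per_user in attempts.items():
        accounts = len(per_user)
        busiest = max(per_user.values())
        # Many distinct accounts with few tries per account is the spray shape.
        if accounts >= min_accounts and busiest <= max_attempts_per_account:
            flagged[ip] = {
                "accounts_targeted": accounts,
                "max_attempts_per_account": busiest,
                # Accounts that authenticated successfully from this source
                # should be treated as compromised and have passwords reset.
                "compromised": sorted(hits[ip]),
            }
    return flagged


if __name__ == "__main__":
    for ip, summary in find_spray_sources(SAMPLE_EVENTS).items():
        print(ip, summary)
```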

Okta is one of our recommended solutions for identity and access management. They offer several software and hardware MFA solutions, and have a wide Integration Network with a number of vendors including F5, Palo Alto and Fortinet.


