When you purchase through links on our site, we may earn an affiliate commission.Heres how it works.
Multi-Factor Authentication stops 99% of all attacks.
Its a phrase we hear a lot.
Many are as easy to hack with social engineering and phishing as traditional passwords.
One plausible answer is that business software packages thinkGoogleWorkspace orMicrosoft365 come with in-built two-factor authentication.
Businesses may, therefore, think that investing in another solution is an unnecessary additional expense.
And they do so without carefully considering the difference between good MFA and bad MFA.
Founder and CEO of IDEE.
At face value, this seems quite secure.
Its a double-edged sword that many businesses fail to fully grasp when choosing theirsecuritysolutions.
Meanwhile, the human element is employed by hackers to defeat push notifications via prompt bombing.
There are two main causes: session cookies and centralization.
A session cookie is a piece of information stored in the users devicebrowserafter authentication.
Therefore, anyone with access to the session cookies can infiltrate the user account without being required to authenticate.
These attacks can be prevented with the use of phish-resistant MFA such as a passkey.
However, they are still vulnerable due to their reliance on centralization.
As a result, passkeys can also be bypassed, and cannot provide meaningful security to businesses.
To adapt the old cliche, a cybersecurity solution is only as strong as its weakest link.
User credentials are often that weak link.
This is a critical shortcoming of many MFA solutions and a particularly pertinent issue in the UK.
This weakness basically means that a users account might be secure once the solution has been implemented.
More must be done to raise awareness of the difference between phish-resistant and phish-proof.
Precious few MFA solutions can truly claim to be phish proof.
The next generation of MFA
This may seem like a scathing attack on MFA.
Fortunately, though, as noted at the start, not all MFA is created equal.
Better solutions are out there.
The next generation of MFA solutions addresses the weaknesses outlined above.
They do this by eliminating the vulnerabilities and phishable factors that leave businesses IT systems open to attack.
The key innovation of this new wave of technology is that they move beyond the reliance on passwords.
We’ve featured the best encryption software.
The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc.
If you are interested in contributing find out more here:https://www.techradar.com/news/submit-your-story-to-techradar-pro
