Is multi-factor authentication working?
- Oct 8, 2024
- 2 min read

The answer to this question is a qualified "Yes, but not completely."
One of the most recommended security controls for preventing a breach is to enforce multi-factor authentication (MFA) wherever possible. We are all familiar with the six-digit codes sent to our inbox or phone when logging into applications, but are we familiar with MFA's weaknesses? MFA is widely recommended as the easiest way to protect an organization from a significant attack. The White House's Executive Order 14028 even directs federal agencies to adopt MFA across their systems.
So, why do compromises continue to occur on accounts and systems protected with MFA?
The Convenience Factor
If we were to survey our colleagues about the convenience of security, we would likely discover that an increase in security controls often leads to a decrease in usability. The tendency to prioritize convenience over security is not new; over time, many security features are overlooked or disabled because they hinder day-to-day operations and profitability. Simply put, the folks who just want to get work done will find ways to increase convenience and, often unknowingly, decrease security. Balancing security and usability is crucial for maintaining both safety and operational efficiency.
Lowering security measures for the sake of convenience creates gaps that cybercriminals exploit to bypass MFA. One example is allowing user sessions to remain active for extended periods, a convenience configuration that many incident responders recognize as a risk. Once a user logs into an application and satisfies MFA, some applications by default keep the session alive for weeks, sometimes months. This poses a significant risk: if a malicious actor gains access to a device with an active session, or to the session cookie itself, they can act as that user for the remainder of the session without ever being asked for a password or a second factor, and that is enough to lead to a data breach.
It is advisable to review these settings and revoke active sessions after a shorter period of time. A lot can happen in a week. Two separate limits matter: an absolute lifetime, after which the user must re-authenticate regardless of activity, and an idle timeout that ends sessions nobody is using. Also confirm that signing out, resetting a password or disabling an account actually invalidates the existing session tokens, not just the one browser tab the user has open.
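The following is an added example written for this post, not code from the original article or from any particular product. It models the two session limits described above in a small session store and replays one constructed timeline against a "convenient" 30-day policy and a hardened policy with an 8-hour absolute lifetime and a 30-minute idle timeout; the policy values, session ids, usernames and timestamps are all made up for illustration.

```python
"""Session lifetime policy: the 'keep me signed in for weeks' default next to a
hardened one with an absolute lifetime and an idle timeout.

Added example; not code from the original article.  All policy values,
session ids and timestamps are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class SessionPolicy:
    """How long a session issued after a successful MFA challenge stays valid."""
    absolute_lifetime: timedelta   # hard cap measured from the MFA-backed login
    idle_timeout: timedelta        # cap measured from the last request


# Constructed policies: the convenient default and a tightened alternative.
CONVENIENT = SessionPolicy(absolute_lifetime=timedelta(days=30),
                           idle_timeout=timedelta(days=30))
HARDENED = SessionPolicy(absolute_lifetime=timedelta(hours=8),
                         idle_timeout=timedelta(minutes=30))


@dataclass
class Session:
    session_id: str
    user: str
    issued_at: datetime        # moment the MFA challenge was satisfied
    last_seen: datetime
    revoked: bool = False


class SessionStore:
    def __init__(self, policy: SessionPolicy) -> None:
        self.policy = policy
        self._sessions: dict[str, Session] = {}

    def issue(self, session_id: str, user: str, now: datetime) -> Session:
        s = Session(session_id, user, issued_at=now, last_seen=now)
        self._sessions[session_id] = s
        return s

    def validate(self, session_id: str, now: datetime) -> bool:
        """Return True if the session may be used at `now`, updating last_seen.

        Rejects a session that was revoked, that exceeded the absolute
        lifetime (however active the user was), or that sat idle longer
        than the idle timeout.  A stolen cookie is subject to the same caps.
        """
        s = self._sessions.get(session_id)
        if s is None or s.revoked:
            return False
        if now - s.issued_at > self.policy.absolute_lifetime:
            return False
        if now - s.last_seen > self.policy.idle_timeout:
            return False
        s.last_seen = now
        return True

    def revoke_user(self, user: str) -> int:
        """Revoke every session for a user (password reset, offboarding, IR)."""
        n = 0
        for s in self._sessions.values():
            if s.user == user and not s.revoked:
                s.revoked = True
                n += 1
        return n


def simulate(policy: SessionPolicy) -> dict[str, bool]:
    """Replay one constructed timeline against a policy and report each check."""
    t0 = datetime(2024, 10, 8, 9, 0, tzinfo=timezone.utc)  # constructed login time
    store = SessionStore(policy)
    store.issue("sess-1", "alice", t0)
    return {
        "same_morning": store.validate("sess-1", t0 + timedelta(minutes=20)),
        "after_lunch": store.validate("sess-1", t0 + timedelta(hours=4)),
        "next_week": store.validate("sess-1", t0 + timedelta(days=7)),
    }


def revocation_demo() -> tuple[bool, int, bool]:
    """Show that revoking a user's sessions kills a token that was still valid."""
    t0 = datetime(2024, 10, 8, 9, 0, tzinfo=timezone.utc)
    store = SessionStore(HARDENED)
    store.issue("sess-2", "bob", t0)
    before = store.validate("sess-2", t0 + timedelta(minutes=1))
    revoked = store.revoke_user("bob")
    after = store.validate("sess-2", t0 + timedelta(minutes=2))
    return before, revoked, after


if __name__ == "__main__":
    print("convenient:", simulate(CONVENIENT))
    print("hardened:  ", simulate(HARDENED))
    print("revocation:", revocation_demo())
```

Under the convenient policy every check passes, including a request a week after login. Under the hardened policy the user is re-prompted after a long lunch (idle timeout) and a token replayed a week later is dead (absolute lifetime), which is exactly the window a stolen cookie would otherwise enjoy.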
Hackers
As technology continues to evolve, so do the methods attackers use to exploit weaknesses in it. One area receiving significant attention is attacks on MFA itself. MFA has been around for well over a decade, and while it is designed to enhance security, it is not infallible.
Despite its effectiveness, there are numerous ways that attackers bypass MFA. Phishing sites that proxy the real login page relay the victim's password and one-time code in real time and capture the session cookie issued at the end; "MFA fatigue" floods a user with push prompts until one is approved; social engineering of help desks or mobile carriers (SIM swapping) redirects SMS codes; and infostealer malware lifts session tokens straight out of the browser. What these have in common is that the attacker never needs to defeat the second factor directly: the session token issued once MFA has been satisfied is captured or stolen, and it can be replayed until it expires or is revoked, without the password or another MFA prompt. Phishing-resistant factors such as FIDO2/WebAuthn security keys or passkeys defeat the code-relay class because the credential is bound to the site's origin, but they do not help once a session token has already been stolen. It's crucial for organizations and individuals alike to stay informed about these evolving threats and the limitations of existing technologies.
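One practical check against the token-replay pattern described above is to compare where a session token is being used with where it was issued. The following is an added example for this post, not the article's own code or any vendor's detection rule; it runs over a handful of constructed JSON log records in the shape a web application or identity provider might export (the field names, session ids, usernames, IP addresses and user agents are all made up) and flags a session whose client changes after the MFA-backed login.

```python
"""Flag a session token that is replayed from a client other than the one
that satisfied MFA.

Added example; not code from the original article.  The log lines are
constructed JSON records, not any vendor's real format.
"""
import json
from dataclasses import dataclass

# Constructed sample: alice logs in with MFA from a Windows browser; minutes
# later the same session id appears from a different network and a scripted
# client.  bob's session only changes IP, which is a weaker signal.
SAMPLE_LOG = """
{"ts": "2024-10-08T09:00:00Z", "event": "login", "user": "alice", "session": "sess-1", "ip": "203.0.113.10", "ua": "Mozilla/5.0 (Windows NT 10.0) Chrome/129", "mfa": "ok"}
{"ts": "2024-10-08T09:05:00Z", "event": "request", "user": "alice", "session": "sess-1", "ip": "203.0.113.10", "ua": "Mozilla/5.0 (Windows NT 10.0) Chrome/129"}
{"ts": "2024-10-08T09:07:00Z", "event": "request", "user": "alice", "session": "sess-1", "ip": "198.51.100.77", "ua": "python-requests/2.32"}
{"ts": "2024-10-08T09:10:00Z", "event": "login", "user": "bob", "session": "sess-2", "ip": "192.0.2.25", "ua": "Mozilla/5.0 (Macintosh) Safari/17", "mfa": "ok"}
{"ts": "2024-10-08T09:30:00Z", "event": "request", "user": "bob", "session": "sess-2", "ip": "192.0.2.26", "ua": "Mozilla/5.0 (Macintosh) Safari/17"}
"""


@dataclass(frozen=True)
class Alert:
    ts: str
    user: str
    session: str
    severity: str   # "high" when the client software changed, "low" for IP only
    reason: str


def parse_log(text: str) -> list[dict]:
    """Parse JSON lines, skipping blank and malformed lines instead of crashing."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return records


def find_hijacked_sessions(records: list[dict]) -> list[Alert]:
    """Compare each request's client to the client that satisfied MFA.

    The baseline is the (ip, ua) pair on the 'login' event for that session
    id.  A later request with a different user agent is the strongest signal:
    a browser does not turn into a scripted HTTP client mid-session.  An IP
    change alone is weaker (roaming, VPN, NAT), so it is reported as low.
    """
    baseline: dict[str, tuple[str, str]] = {}
    alerts: list[Alert] = []
    for r in sorted(records, key=lambda rec: rec.get("ts", "")):
        sid = r.get("session")
        if not sid:
            continue
        if r.get("event") == "login" and r.get("mfa") == "ok":
            baseline[sid] = (r.get("ip", ""), r.get("ua", ""))
            continue
        if sid not in baseline:
            continue   # no MFA-backed login seen for this token; out of scope here
        base_ip, base_ua = baseline[sid]
        ip_changed = r.get("ip") != base_ip
        ua_changed = r.get("ua") != base_ua
        ts, user = r.get("ts", ""), r.get("user", "?")
        if ua_changed:
            reason = f"user agent changed from {base_ua!r} to {r.get('ua')!r}"
            if ip_changed:
                reason += f"; IP {base_ip} -> {r.get('ip')}"
            alerts.append(Alert(ts, user, sid, "high", reason))
        elif ip_changed:
            alerts.append(Alert(ts, user, sid, "low",
                                f"IP changed from {base_ip} to {r.get('ip')}"))
    return alerts


if __name__ == "__main__":
    for a in find_hijacked_sessions(parse_log(SAMPLE_LOG)):
        print(f"[{a.severity}] {a.ts} {a.user} {a.session}: {a.reason}")
```

This is a heuristic, not a proof of compromise: mobile users change IP constantly, and an attacker who replays a stolen cookie through a proxy can copy the victim's user agent. It is useful as a triage signal alongside the durable fixes, short session lifetimes and phishing-resistant factors.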
Understanding how attackers operate and the tactics they use to bypass safeguards like MFA is essential for maintaining robust security practices. Ultimately, while MFA is a valuable tool, continuous vigilance is necessary to protect against emerging threats.
See how we can help you stay vigilant here.