Password theft, MFA, and the Evolving Cleverness of Hackers

If you ask me what’s the most important thing you can do for cyber security, the answer is easy: MFA (multi-factor authentication). Password theft remains the most common cause of cyber security breaches, and MFA is the best way to combat password theft. So it’s a real shame that we still get pushback from some clients about implementing MFA for their Microsoft logins. 

The most common objection is that they can’t force employees to use personal phones for work. That sounds like a valid HR reason, except text messages are free and so is Microsoft Authenticator. Think of Microsoft Authenticator as a digital key you carry on your phone. That’s no different than carrying an office key in your pocket, right? If that’s asking too much, you might have bigger issues with your employees…

Ok, ok, I’ll do MFA. Are you happy now?

To be fair, MFA has seen pretty wide adoption. It’s just something you have to do in this day and age, and most people (begrudgingly) accept it. However, in a proverbial cat-and-mouse game, hackers are now turning their attention to defeating MFA!

In the video below, a hacker sits between a user and a target site (Google in this case) to successfully steal access:

[Video: visualization of phishing - need for MFA]

If you pay close attention to the browser’s address bar, it’s not hard to see that something phishy is going on. But that sort of thing can easily escape an untrained eye. 

Verizon publishes a highly respected annual report of data breach investigations. The 2021 edition stated:

“Eighty-five percent of breaches involved the human element”
https://www.verizon.com/business/resources/reports/2021/2021-dbir-executive-brief.pdf?_ga=2.240216515.1181598800.1645740434-370870604.1643065202

That’s a really polite way of saying hackers need suckers to be successful.

So clever you kind of have to admire it

In a recently observed breach, hackers bombarded victims with MFA notifications until the exasperated victim finally said “YES!” just to make them go away.

https://portswigger.net/daily-swig/mfa-fatigue-attacks-users-tricked-into-allowing-device-access-due-to-overload-of-push-notifications

This isn’t a hack as much as a really clever bit of social engineering. Or is it a cruel fraternity prank? Either way, you kind of have to admire the diabolic genius of it. I’m sure they had a good laugh all the way to the inbox.
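One way to spot the notification-bombing pattern described above in sign-in telemetry, shown as an added example rather than code from this post or from Microsoft. The event layout, the result names, the 10-minute window and the threshold of five are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample push events: (timestamp, user, result). The field layout
# and result names are assumptions, not a real identity provider's log schema.
SAMPLE_EVENTS = [
    ("2024-01-10T02:14:05", "alice", "denied"),
    ("2024-01-10T02:14:40", "alice", "timeout"),
    ("2024-01-10T02:15:10", "alice", "denied"),
    ("2024-01-10T02:15:55", "alice", "timeout"),
    ("2024-01-10T02:16:30", "alice", "denied"),
    ("2024-01-10T02:17:02", "alice", "approved"),   # gives in after the burst
    ("2024-01-10T09:01:00", "bob", "timeout"),      # missed one prompt
    ("2024-01-10T09:01:30", "bob", "approved"),     # ordinary sign-in
    ("2024-01-10T08:00:00", "carol", "denied"),     # five denials, but spread
    ("2024-01-10T09:00:00", "carol", "denied"),     # over hours, so never
    ("2024-01-10T10:00:00", "carol", "denied"),     # inside one window
    ("2024-01-10T11:00:00", "carol", "denied"),
    ("2024-01-10T12:00:00", "carol", "denied"),
]

WINDOW = timedelta(minutes=10)  # assumed look-back window
THRESHOLD = 5                   # assumed number of failed pushes that is abnormal


def detect_push_fatigue(events, window=WINDOW, threshold=THRESHOLD):
    """Map user -> (severity, timestamp) for bursts of unapproved MFA pushes."""
    # "burst_only": the user kept refusing. "approved_after_burst": an
    # approval arrived while the burst was still inside the window.
    recent = defaultdict(deque)  # user -> timestamps of recent failed pushes
    alerts = {}
    for ts_text, user, result in sorted(events):
        ts = datetime.fromisoformat(ts_text)
        failed = recent[user]
        while failed and ts - failed[0] > window:
            failed.popleft()  # forget pushes older than the window
        if result in ("denied", "timeout"):
            failed.append(ts)
            if len(failed) >= threshold:
                alerts.setdefault(user, ("burst_only", ts_text))
        elif result == "approved":
            if len(failed) >= threshold:
                alerts[user] = ("approved_after_burst", ts_text)
            failed.clear()  # any approval ends the current run of failures
    return alerts
```

An "approved_after_burst" result is the case worth paging on: the session that followed the approval should be revoked and the password reset, since the prompts only appear once the password is already known.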

There’s still hope!

Microsoft has been quietly working on a concept called “passwordless sign-in”. It’s actually available now. It works like this:

Log in to your Microsoft account as usual

You’ll be given a temporary code

Type the code in Microsoft Authenticator from your phone

You’re in! 

Notice something missing from the process? At no point did you have to type in a password. If you don’t have a password, it can’t be stolen. Simple, right?

Only catch is that you need to install Microsoft Authenticator on your phone. Did I mention it’s free?

In conclusion

Hackers are clever, but so are security professionals. You can be sure we’ll be sharpening our claws for their next bright idea. But please…don’t let a bratty employee ruin the party.

PS: Are you a bad friend or did you advise your friends not to buy Microsoft 365 Business Standard?
