Multifactor Authentication

The value of multifactor authentication (MFA) is illustrated by a recently published report by Microsoft’s security team about a multi-stage, large-scale phishing campaign that was effective only against organizations without MFA.

In these attacks, the bad actors first stole victims’ credentials using a fake DocuSign phish that directed them to a spoofed Office 365 login. The attackers then exploited the prevalence of BYOD policies to register their own devices on the target network using the stolen credentials.

However, because properly deployed MFA prevents attackers from using stolen credentials to access devices or networks, those organizations using MFA were safe because the attackers were not able to move forward with the second stage of the attack to expand their presence on the targeted network and propagate the attack further.

The Microsoft security team said the attacks demonstrated just how flawed the use of usernames and passwords is as a method for authentication,...

This publication is only available to our subscribers.

Register and read on!

Sign up for the Professional or Specialist Subscription Packages to access the entire body of KuppingerCole research including this blog.

I have an account
Log in  
Register your account to start 30 days of free trial access
Subscribe to become a client
Choose a package  

Stay Connected

KuppingerCole on social media

Subscribe to our Podcasts

KuppingerCole Podcasts - listen anywhere

How can we help you

Send an inquiry

Call Us +49 211 2370770

Mo – Fr 8:00 – 17:00