ZeroFox's Social Engineering Series breaks down aspects of the threat into digestible reports and outlines defensive actions that can be taken to combat it.
Part three of this series takes a deep dive into the bypassing of multi-factor authentication (MFA) security protocols, why and how threat actors do it, and how the threat can best be mitigated.
Multi-Factor Authentication Overview
MFA is an evolution of two-factor authentication (2FA)—a manifestation of zero-trust cybersecurity architecture designed to scrutinize the implicit trust afforded to users of endpoint devices. 2FA requires users seeking to access a network to satisfy an identification challenge, in addition to providing a correct username and password. The number of times that a user is confronted by these challenges varies but typically will be one of the following:
- Every time access is requested, offering the highest level of security.
- Upon the detection of anomalies, such as a new log-in device or location.
- Time-sensitive, such as once per day or after periods of inactivity. ..read more!