Multi-factor authentication

Multi-factor Authentication (MFA) is a security measure that requires users to provide multiple forms of identity verification in order to gain access to their account. MFA is used commonly to keep companies’ cloud account secure and to prevent brute force hackers. MFA requires that a user validates their identity with another vector in addition to providing the correct username and password. However, as cyber attackers have grown increasingly sophisticated, multi-factor authentication is no longer enough to prevent malicious intrusions.

What is Multi-Factor Authentication (MFA)?

Why Does MFA Matter?

The most important aspect to MFA is boosting authentication security.

The main benefit of MFA is that it will enhance your organization's security by requiring your users to identify themselves by more than a username and password. While important, usernames and passwords are vulnerable to brute force attacks and can be shared or stolen by third parties.

Implementing MFA in an enterprise's identity and access management (IAM) with something like a thumbprint or physical hardware key means increased confidence that your organization will stay safe from cyber criminals.

What are the three main factor categories of MFA?

MFA is commonly based on three core authentication factor categories:

Knowledge factors

Knowledge based authentication (KBA) typically require the user to provide a secret information only they know, such as:

Answers to personal security questions
Password
PIN codes
One-time passwords (OTPs)

Possession factors

Something specific that the user owns as a requirement for login, such as:

App generated OTPs
OTPs received via text or email
Access badges, USB devices, smart cards or fobs or security keys
Software tokens and certificates

Inherence factors

Factors inherent to the user, usually in the form of biometric data. This includes:

Retina scans
Fingerprints
Hand geometry
Facial recognition
Earlobe geometry
Voice recognition
Behavioral recognition such as typing speed or mouse movement

Advantages and disadvantages of MFA

What are the disadvantages of MFA?

Keeps sensitive data safe from opportunistic cyber threats: For some networks, MFA provides enough security to keep its users’ safe from brute force hackers and credential compromisations. MFA can protect data from these types of brute force and credential hackers and attacks.
Allows for a less extensive sign in process for high security networks: Implementing multi-factor authentication can make the sign in process less intensive and allows your cybersecurity team to weed out failed login attempts.
Helps organizations meet security compliance requirements: Under certain circumstances, some organizations are required to implement MFA to meet compliance regulations.

What are the disadvantages of MFA?

Does not protect against account takeovers: Cyberattackers can now bypass MFA by smartly tricking account owners into downloading a software, clicking a sinister link, and more. This allows hijackers to hack the account and gain access.
There are many ways to bypass MFA directly through implementation faults: Hackers have found multiple ways to bypass MFA, rendering it useless as a preventative measure.
Time-consuming Logins: MFA often increases the time and effort required to login to a network.

What kind of threats does MFA prevent?

As a key aspect to identity and access management (IAM) policy, MFA can thwart some of the most common cybersecurity threats such as:

Keyloggers
Credential stuffing
Brute force and reverse brute force attacks
Man-in-the-middle (MITM) attacks

Vectra AI: When MFA is Not Enough

While multi-factor authentication (MFA) was once the single best technique to reduce the possibility of a breach, breaches in cloud networks, like Microsoft Office 365, continue to occur. MFA security measures are no longer enough to deter malicious and insidious attacks. Of those attacks, account takeover breaches are the fastest growing and most prevalent, adversely impacting organizations’ reputations and incurring financial consequences.

The importance of keeping a watchful eye on the misuse of user access cannot be overstated given its prevalence in real-world attacks. In the current cybersecurity landscape, security measures like multi-factor authentication are no longer enough to deter attackers.

SaaS platforms like Office 365 are a safe haven for attacker lateral movement, making it paramount to focus on user access to accounts and services. When security teams have solid information and expectations about SaaS platforms such as Office 365, malicious behaviors and privilege abuse are much easier to quickly identify and mitigate.

Deployed in minutes without agents, Vectra CDR for Office 365 gives you visibility of your Office 365 attack surface and allows you to:

Detect suspicious account activity, such as multiple failed login attempts followed by success, and which accounts were used in both scenarios.
Be aware of the creation of Power Automate flows, addition of new accounts, and installation of malicious applications
Discover privilege escalation, including adding users to groups