Computer Security Identity

Think Again About Your 2-Factor Authentication


Did You Know That 90% of MFA Solutions are Phishable?

If you have 2-factor authentication implemented, it doesn’t automatically mean that all phishing attacks can be prevented. People are always startled when they hear that their current Multi-Factor Authentication solutions can be easily phished by hackers, and many are shocked when we explain to them just how simple it is to bypass or
hack most MFA solutions.

In many cases, it’s as easy as getting access to someone’s password for one of their accounts. Here’s a video example showing just how easy is it to phish an MFA service.

Stronger MFA Solutions are Critical

If you’re currently searching for an MFA solution, your top priority is to ensure that it is phishing resistant. As previously alluded to, 90-95% of most MFA tools are easily phishable, and the only option to avoid being the victim of cybercrime is to upgrade to a solution that is phishing resistant. Here’s a list of MFA solutions that are phishing resistant, but if you have any questions about finding one for your GTA business, then contact us here.

What can you do if you have a Phishable MFA Solution?

If your SMB is currently using a vulnerable MFA solution, and you are not able to make an immediate switch, then at the very least – it is critical that you apply a robust cybersecurity awareness and training program for all your employees.

Keep in mind that even the strongest MFA solutions are not completely phishing-proof. No solution will be completely bulletproof to cyber-attacks and that is why your employees, stakeholders, and any other business members in your organization should be educated in the following areas.

  • What does MFA prevent and does not prevent?
  • How to properly use your MFA
  • How to handle a rogue attack
  • Common phishing attacks and how to avoid them

Here’s a Scenario to Consider if your Current MFA is Vulnerable to Man-in-the-Middle attacks.

You need to ensure that all your end users know what to look for and to pay special attention to URL links and attachments sent via email. Even though this is very straightforward, many people still fall for unsuspecting emails and cannot defend themselves against rogue phishing threats if they saw one.

The next critical step is ensuring that your users know what to do next if they suspect that they have been phished. Many people get scared and ignore it, but the right thing to do is to immediately report it to your IT department.

Pro-Tip: it is critical to be aware of spear phishing attacks and how to spot them. Hackers successfully impersonate internal staff at your organization and if no one reports it to an IT authority, then this can be a major problem if they are

Push-Based MFA is a type of multi-Factor protection, you need to ensure that all employees know how to handle
authentication prompts for all their logins (including logins that are not active). Studies have shown that up to 30% of employees with push-based MFA approve login prompts even when they are not trying to log in to the application.

You should never fully trust that all your employees understand cyber safety and that they will know how to defend themselves. Ongoing education and awareness are essential ingredients in protecting your GTA business, whether you have great MFA solutions in place or not.

Finally, you should have a formal discussion about MFA with your current provider to find out how resistant your current strategies are. Even though this is common knowledge, and it is no secret, many SMBs are simply unaware of how easy it is for MFA to be bypassed. It is in your hands as a business owner to ensure that your business has the best tools to keep it safe. For more information on better MFA Solutions for your GTA business, contact us here.