In January 2020, a reported 1.2 million Microsoft accounts were compromised. According to Microsoft engineers, it was because 99.9 percent of the compromised accounts do not use multi-factor authentication.
What is Multi-Factor Authentication?
Multi-factor authentication is the process of identifying users by validating two or more “factors,” or characteristics that are unique to that user. Common implementations of two-factor authentication include a password, a one-time passcode, or provided via a token.
While authentication is the process by which a computer validates the identity of a user with the username and password, multi-factor authentication adds an extra layer of protection and security against one of the most common types of breach—compromised credentials.
Roughly 11% of enterprise users currently utilize multi-factor authentication despite Microsoft stressing the importance of securing your business’s sensitive data.
According to Microsoft, the most common form of attack to hack Microsoft accounts is password spraying. This technique takes easy-to-guess passwords and goes through a list of usernames until an attacker can get into the account.
The second most common method of attack is password replay. With this technique, an attacker takes leaked credentials from another company and tries them with a Microsoft account. It relies on people using the same password across multiple accounts.
Network needs vary based on the size and type of organization. We know that determining how to best protect your assets and educate your employees can present unexpected and unique challenges and we are here to help. For assistance on how to best secure your network, implement MFA or schedule security training, let us know and we would be glad to help you get started today.