Recent surveys indicate nearly 74% of organizations plan to increase their spending on multifactor authentication (MFA) initiatives. That’s a good thing, given that about 80% of security breaches are the result of credential theft. MFA adds a few additional layers of credentials to the authentication process, such as device tokens, OTPs (one-time passwords), and/or biometrics. This way, attackers can’t launch an attack simply through hacked passwords.
Having said that, MFA is not inviolable. You can’t just deploy MFA and walk away. With a few extra tricks and steps, sophisticated threat actors can circumvent MFA. Below are a few common MFA pitfalls attackers can take advantage of: