Stolen credentials can pose a major threat and give attackers instant access to a company's assets — employee data, customer data, sensitive information and financials. According to the 2022 Verizon Data Breach Investigations Report (DBIR), stolen credentials are responsible for nearly half of all cyberattacks. This is up from about 30% in 2017. The increase of stolen credentials on the dark web has made additional authentication methods vital for identity protection. The most commonly discussed is multi-factor authentication (MFA). MFA is a layered approach to cybersecurity where a user must present two or more credentials to verify that they are, in fact, who they say they are.
Previously touted as a vital security feature, MFA is not all it was once cracked up to be. Recent attacks on Uber and Twilio have shown that attackers are finding ways around it. One of the main problems with MFA? The tired person on the other side. Employees receive non-stop notifications requesting access to systems and, eventually, they give in or make a mistake.