1.2 million Microsoft accounts hacked, made the 'same' mistake

The importance of establishing adequate security measures to safeguard accounts on the Internet has only increased over time. Here, technologies such as 2-factor authentication play an important role.

However, despite repeated warnings, careless account hygiene keeps leaving accounts exposed. Microsoft officials speaking at the RSA Conference revealed that nearly 99.9% of all compromised accounts they discovered did not use multi-factor authentication (MFA).

Hacked Microsoft accounts

Microsoft has over a billion monthly active users and handles over 30 million login requests per day. Around 0.5% of accounts are compromised each month; for January 2020, that was 1.2 million accounts.

Microsoft engineers also revealed that only 11% of all business users used MFA at least once in the month of January. They noted that using MFA all the time would have saved many, if not all, of those 1.2 million accounts.

The techniques most used by attackers are "password spraying" and "password replay". In password spraying, the attacker attempts to break into many user accounts using a short list of commonly used passwords. In password replay, the attacker takes credentials compromised from one service and tries them against other services where the same user has an account.

Although it is bad practice, many people reuse the same password across multiple services, which increases their chances of being hacked.

For the uninitiated, multi-factor authentication adds further layers of credentials before access is granted to an online account or other resource. A basic implementation is a one-time password (OTP) delivered via SMS; more advanced solutions use hardware-based security tokens.

Tech companies are also targeting passwordless login, using technologies like WebAuthn.

Microsoft engineers also revealed that attackers primarily target older authentication protocols such as POP and SMTP because they do not support MFA. Furthermore, removing these legacy protocols from an organization's systems is a tedious task.

They found up to a 67% reduction in compromised accounts for users who disabled legacy authentication protocols. Therefore, Microsoft recommends making legacy authentication a thing of the past.

by ZDNet
