Multi-factor auth fatigue is real – and it's why you may be in the headlines next
"It's a huge threat because it bypasses the security measures put in place by an organization, including one of the most effective, which is MFA," Sami Elhini, biometrics specialist at Cerberus Sentinel, told The Register.
The attacks on MFA come as businesses, with the COVID-19 pandemic lifting, are adopting cloud-first and zero-trust models, which often rely on MFA to protect data and applications, Stephanie Aceves, senior director of products management at Tanium, told The Register.
"MFA fatigue poses a serious threat to organizations because it is a fairly trivial way for a patient attacker to gain access to private company resources," Aceves said, noting that it targets the most significant risk to enterprises - people who can be manipulated.
"People have been told they need to get rid of passwords and move to MFA, but they aren't being told that the vast majority of MFA is easily phishable, as easy to steal or bypass as your password," Roger Grimes, data-driven defense analyst for KnowBe4, told The Register.
Patrick Tiquet, vice president of security and architecture at Keeper Security, told The Register that organizations must recognize that not all MFA methods are susceptible to MFA fatigue attacks.
"Not all MFA is equal and cyber-awareness is critical, along with additional security controls such as privileged access management [that] can help reduce these risks, such as moving passwords into the background and ensuring each account has strong unique complex passwords," Joseph Carson, chief security scientist and advisory CISO at Delinea, told The Register.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/11/03/mfa_fatigue_enterprise_threat/