Why MFA is getting easier to bypass and what to do about it
An entire cottage industry has formed around phishing attacks that bypass some of the most common forms of multifactor authentication (MFA) and allow even non-technical users to quickly create sites that defeat the protections against account takeovers. MFA works by requiring an additional factor of authentication besides a password, such as a fingerprint, a face scan, or the possession of a digital key. In theory, this prevents attackers from accessing an account even after they phish a victim’s username and password. Most often, the second form of authentication is a one-time passcode that is sent to the [...]