Microsoft: ‘Multi-factor authentication prevents 99 percent of account hacks’.

According to Microsoft, 99 percent of account hacks can be prevented by using multi-factor authentication (MFA). The number applies to all accounts for any service or website.

In the blog post, Microsoft states that more than 300,000 illegal login attempts are made daily by cyber criminals. Microsoft cites an investigation by security company SANS Institute, which shows that there are three common incidents. First, corporate email accounts are often hacked by phishing or spoofing. This is because these accounts are often password protected. Secondly, there is the use of legacy protocols, which do not properly support the use of MFA. This means that MFA does not offer optimal security in that case, even if it has been used. The last problem is simply the re-use of passwords. Hackers then already spam passwords that have been captured in order to crack accounts with recycled passwords.

MFA and passwordless authentication

According to the SANS report, there are two main reasons for not using MFA. There is a misconception among companies that MFA requires external hardware; this is not true. Furthermore, there are concerns about the change for users, in other words, that users should make more effort. However, the use of better security can also be done gradually, says Matt Bromiley of SANS. “It doesn’t have to be an all-or-nothing approach. There are several approaches that organizations can use to reduce disruption for users, while at the same time achieving a more advanced state of authentication”.

Microsoft recommends that you take a leap into the unknown and start working completely password-free. This is possible with protocols such as WebAuthn or CTAP2. The use of biometric features such as fingerprints is also easier for users, as it is rather difficult to forget fingerprints. Moreover, accounts with this type of security are much more expensive and harder to crack for criminals.