What are the risks of legacy authentication?

Although legacy authentication is still commonly (and legitimately) used in many organisations it offers a major security weakness to hackers, providing them with ‘back door’ access to your corporate data.

The reason for this is simple – unlike modern authentication protocols, legacy authentication methods neither understand nor respect multi-factor authentication (MFA).

Here are some rather stark facts from Microsoft about legacy authentication:

- More than 99 percent of password spray attacks use legacy authentication protocols.
- More than 97 percent of credential stuffing attacks use legacy authentication.
- Azure AD accounts in organizations that have disabled legacy authentication experience 67 percent fewer compromises than those where legacy authentication is enabled.

Let’s run through an example of why legacy authentication represents such a security risk.

Through various nefarious means, a hacker has managed to obtain a list of compromised username and password combinations for your organisation – including some C-level executives. No doubt the information contained in the mailboxes of these users could be useful for any number of further hacking activities.

“No problem though,” I hear you say, “all our users are protected by MFA, and MFA can block almost all account compromise attacks.” Whilst that statement is certainly true (over 99.9% true according to Microsoft), what is commonly overlooked is that MFA can only block account compromise attacks where modern authentication is being used.

MFA is not effective against legacy authentication protocols.
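To see whether the scenario above is already happening in a tenant, the sign-in log can be checked for legacy-protocol sign-ins. The following is an added example, not code from the original post: it assumes sign-in records exported as JSON lines carrying the Azure AD sign-in log fields `userPrincipalName`, `ipAddress`, `clientAppUsed` and `status.errorCode`; the sample records, the threshold and the function names are constructed for illustration.

```python
import json
from collections import defaultdict

# Subset of clientAppUsed values Azure AD reports for legacy authentication;
# extend it to match what your own tenant's logs show.
LEGACY_APPS = {s.lower() for s in (
    "Authenticated SMTP", "Autodiscover", "Exchange ActiveSync",
    "Exchange Web Services", "IMAP4", "MAPI Over HTTP", "POP3", "Other clients",
)}

# Constructed sample records (JSON lines); users and IPs are placeholders.
# errorCode 0 is a successful sign-in, 50126 is an invalid username or password.
SAMPLE_LOG = """
{"userPrincipalName":"ceo@example.com","ipAddress":"203.0.113.7","clientAppUsed":"IMAP4","status":{"errorCode":50126}}
{"userPrincipalName":"cfo@example.com","ipAddress":"203.0.113.7","clientAppUsed":"IMAP4","status":{"errorCode":50126}}
{"userPrincipalName":"cto@example.com","ipAddress":"203.0.113.7","clientAppUsed":"POP3","status":{"errorCode":0}}
{"userPrincipalName":"ceo@example.com","ipAddress":"198.51.100.4","clientAppUsed":"Browser","status":{"errorCode":0}}
{"userPrincipalName":"ops@example.com","ipAddress":"198.51.100.9","clientAppUsed":"Exchange ActiveSync","status":{"errorCode":0}}
"""

def parse(log_text):
    """Parse JSON-lines sign-in records, skipping blank lines."""
    return [json.loads(line) for line in log_text.splitlines() if line.strip()]

def is_legacy(record):
    """True when the sign-in used a legacy authentication client."""
    return record.get("clientAppUsed", "").lower() in LEGACY_APPS

def analyze(records, spray_threshold=3):
    """Return legacy successes and IPs trying many accounts over legacy protocols."""
    successes = []                  # authenticated with a password over a legacy protocol
    users_by_ip = defaultdict(set)  # distinct accounts attempted per source IP
    for r in filter(is_legacy, records):
        users_by_ip[r["ipAddress"]].add(r["userPrincipalName"])
        if r["status"]["errorCode"] == 0:
            successes.append((r["userPrincipalName"], r["clientAppUsed"], r["ipAddress"]))
    spray_ips = sorted(ip for ip, users in users_by_ip.items()
                       if len(users) >= spray_threshold)
    return {"legacy_successes": successes, "spray_ips": spray_ips}

if __name__ == "__main__":
    report = analyze(parse(SAMPLE_LOG))
    for user, app, ip in report["legacy_successes"]:
        print(f"legacy sign-in succeeded: {user} via {app} from {ip}")
    print("possible spray/stuffing sources:", report["spray_ips"])
```

Accounts that appear under `legacy_successes` are the ones to review first when planning to disable legacy authentication, since they show which users and clients still depend on it.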