More than 99% of compromised Microsoft accounts did not use Multi-Factor Authentication
Ensuring the safety and privacy of our online presence, be it email accounts, Internet banking, or social media accounts, is highly important these days. But for some reason, individuals and businesses don’t seem to take account safety and privacy measures seriously. As a result of this irresponsible attitude towards basic cyber hygiene, we have witnessed a spike in the number of privacy-related attacks in recent years.
If you are a Microsoft user, your account might be at risk without multi-factor authentication. In their recent presentation at RSA Conference, Microsoft engineers made some shocking claims and revelations. Believe it or not, more than 99 percent of the business users whose accounts had been compromised were not using multi-factor authentication. Now, what is multi-factor authentication, you ask?
99% of compromised Microsoft Accounts lacked Multi-factor authentication
Multi-factor authentication (MFA) provides an additional layer of security to, let’s say, two-factor authentication or 2FA. In short, you can say it is one step ahead of 2FA as far as ensuring your account safety is concerned. Similar to 2FA, users are expected to show multiple pieces of evidence before gaining access to an account.
Microsoft says cybercriminals manage to compromise 0.5% of all Microsoft enterprise accounts every month. The reason is simple: There are very few Microsoft users who use multi-factor authentication. In fact, more than one million Microsoft accounts were compromised in January 2020 alone, and out of those one million+ accounts, 99.9% of accounts were not using MFA.
According to Alex Weinert, Director of Identity Security at Microsoft, the majority of accounts fell prey to simple password spraying attacks targeting older legacy authentication protocols like POP, SMTP, IMAP, and XML-Auth. Most of these accounts were compromised because attackers used a collection of statistically likely passwords.
“Don’t be confused. People do re-use their enterprise accounts in non-enterprise environments.”
It goes to show the importance of using strong passwords and the consequences of using the same password for multiple accounts and services.
Weinert revealed that 99% of password spray attacks targeted legacy protocols. Even though these attacks may have compromised only 0.5% of accounts in a month, the probability of such attacks on older legacy authentication protocols is much higher.
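For defenders, the spray pattern described above (one source trying a few likely passwords against many accounts over legacy protocols) can be looked for in sign-in logs. The sketch below is an added example, not Microsoft's detection logic; the log format, sample records, and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Legacy authentication protocols named in the article.
LEGACY = {"POP", "SMTP", "IMAP", "XML-Auth"}

# Constructed sample sign-in log; the format (time,source_ip,user,protocol,result)
# is an assumption for this example.
SAMPLE_LOG = """\
2020-01-14T02:00:05,203.0.113.7,alice,IMAP,FAIL
2020-01-14T02:00:09,203.0.113.7,bob,IMAP,FAIL
2020-01-14T02:00:14,203.0.113.7,carol,POP,FAIL
2020-01-14T02:00:19,203.0.113.7,dave,SMTP,FAIL
2020-01-14T02:00:23,203.0.113.7,erin,IMAP,OK
2020-01-14T02:00:28,203.0.113.7,frank,IMAP,FAIL
2020-01-14T02:05:00,198.51.100.4,alice,IMAP,FAIL
2020-01-14T02:05:02,198.51.100.4,alice,IMAP,FAIL
2020-01-14T02:05:04,198.51.100.4,alice,IMAP,FAIL
2020-01-14T02:05:06,198.51.100.4,alice,IMAP,FAIL
2020-01-14T08:30:00,192.0.2.10,bob,IMAP,FAIL
2020-01-14T08:30:20,192.0.2.10,bob,IMAP,OK
2020-01-14T08:31:00,192.0.2.50,grace,OAuth2,FAIL
"""

def detect_spray(log_text, min_users=5, max_tries_per_user=2):
    """Flag sources that try many accounts, a few times each, over legacy protocols.

    Many attempts against one account (brute force) and a user mistyping a
    password from their own address do not match. Thresholds are assumptions.
    """
    attempts = defaultdict(lambda: defaultdict(int))  # ip -> user -> attempt count
    hits = defaultdict(set)                           # ip -> users with a successful login
    for line in log_text.strip().splitlines():
        _ts, ip, user, proto, result = line.split(",")
        if proto not in LEGACY:
            continue  # modern protocols are out of scope for this check
        attempts[ip][user] += 1
        if result == "OK":
            hits[ip].add(user)
    findings = {}
    for ip, per_user in attempts.items():
        if len(per_user) >= min_users and max(per_user.values()) <= max_tries_per_user:
            findings[ip] = {"accounts_targeted": len(per_user),
                            "accounts_compromised": sorted(hits[ip])}
    return findings

if __name__ == "__main__":
    for ip, info in detect_spray(SAMPLE_LOG).items():
        print(ip, info)
```

Accounts listed under `accounts_compromised` are the ones to reset first, since a successful login from a spraying source means the guessed password worked.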
Tanmay loves writing about Technology, Internet, Apps, Social Media, and Cybersecurity. He also tracks OTT video content streaming space and likes to spend his weekends watching plays. You can contact him on Twitter @techtsp.