MFA Bypass Risks
Phishing-resistant MFA.
MFA Is Not Unbreakable
MFA dramatically reduces account takeover, but it is not a silver bullet.
Attackers have developed several techniques to bypass weaker forms of MFA.
SIM Swapping
SIM swapping tricks a mobile carrier into moving a victim's phone number to the attacker's SIM.
Any SMS-based codes then arrive at the attacker. This is why SMS is the weakest second factor.
All lessons in this course
- Authentication Factors
- TOTP and HOTP
- Push and Hardware Keys
- MFA Bypass Risks