This is something worth thinking about as cybercrime continues to grow and evolve, and as companies look to protect themselves and their valuables from costly attacks.

Cybercriminals are getting craftier with their methods. Take the recent news of a phishing attack targeting Microsoft 365 email accounts. This large-scale campaign used a relatively new method called adversary-in-the-middle (AiTM) to gain access.

Attackers used AiTM phishing sites to steal passwords, hijack sign-in sessions, and bypass the authentication process, even when MFA was enabled. Hackers then used the stolen credentials and session cookies to access users’ mailboxes and launch business email compromise (BEC) campaigns against other organizations. Experts estimate that 10,000+ organizations have been targeted since 2021. …

I bring it up because I think it’s important to distinguish between phishable MFA and non-phishable MFA.

We’ve heard the US government pushing organizations to use “phishing-resistant” MFA. As phishing attacks like the one above continue to grow in number, it’s critical to find a solution that is non-phishable.

But what does that mean? I’ve included a chart above, outlining which factors are phishable and which are not. The gist is that anything you need to remember or type in (passwords or OTPs), or anything that is guessable, shareable, or traveling from one device to another, can potentially be phished.
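To make the distinction concrete, here is an added example (not TraitWare's code and not part of the original post) that compares the two kinds of factor from the server's side: a typed one-time code verifies identically no matter which page it was entered on, while a response bound to the page's origin is rejected when it was produced on a look-alike page. The origins, keys, challenge and function names are constructed for illustration, and an HMAC with a shared key stands in for the asymmetric signature a real phishing-resistant authenticator would produce.

```python
import hashlib, hmac, json, struct

RP_ORIGIN = "https://login.example.com"      # constructed: the real sign-in site
LOOKALIKE = "https://login.example-sso.net"  # constructed: a look-alike page

def otp_code(secret: bytes, counter: int) -> str:
    """Six-digit one-time code (RFC 4226 truncation) for one time step."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    num = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return f"{num % 1_000_000:06d}"

def server_verify_otp(secret: bytes, counter: int, submitted: str) -> bool:
    # The server receives six digits and nothing about where they were typed.
    return hmac.compare_digest(otp_code(secret, counter), submitted)

def device_respond(key: bytes, challenge: str, origin_seen: str):
    # The device signs the challenge together with the origin of the page
    # that asked for it; the user never sees or types this value.
    data = json.dumps({"challenge": challenge, "origin": origin_seen}, sort_keys=True)
    return data, hmac.new(key, data.encode(), hashlib.sha256).hexdigest()

def server_verify_bound(key: bytes, challenge: str, data: str, sig: str) -> bool:
    expected = hmac.new(key, data.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        return False
    fields = json.loads(data)
    # Reject any response produced on a page other than the real origin.
    return fields["challenge"] == challenge and fields["origin"] == RP_ORIGIN

def compare() -> dict:
    """Return {page: (otp_accepted, bound_response_accepted)} for both pages."""
    seed, key = b"constructed-otp-seed", b"constructed-device-key"
    challenge, step = "constructed-challenge-01", 56_000_000
    results = {}
    for label, origin in (("genuine", RP_ORIGIN), ("lookalike", LOOKALIKE)):
        code = otp_code(seed, step)  # same digits whichever page is open
        data, sig = device_respond(key, challenge, origin)
        results[label] = (server_verify_otp(seed, step, code),
                          server_verify_bound(key, challenge, data, sig))
    return results

if __name__ == "__main__":
    for page, (otp_ok, bound_ok) in compare().items():
        print(f"{page:9} otp_accepted={otp_ok} bound_accepted={bound_ok}")
```

The OTP column is accepted for both pages because the code carries no information about where it was entered; only the origin-bound response lets the server tell the two apart.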

The number one phishable factor, and the first one attackers are after, is of course the password. Why? It’s easy. TraitWare has eliminated the password, and any other phishable factors, from login entirely with Passwordless MFA + SSO.

Find out more about how TraitWare does MFA. Reach out any time to book a short demo. I’d love to show you how it works!

We also realize the reluctance to adopt MFA across the enterprise is still there, despite words from experts and leaders. People seem to think they’re not at risk, or that MFA is too difficult. We’re here to tell you that TraitWare is simple (from deployment to login) and cost-effective, not to mention built using the highest industry standards for security.

But don’t take our word for it.

Instead of preaching, here are a few words on MFA I read today from Amazon’s CSO, Steve Schmidt:

“What we’re trying to do is to get ahead of people having to hit their thumb with a hammer to say, ‘Don’t swing the hammer at your thumb; here’s a way to avoid it.’”

Perhaps you’ve considered MFA for your company but have questions about cost, simplicity, time to deploy, or user experience. 

We’re here to help.

Heath Spencer – TraitWare CEO