The numerical facts!
At the RSA Conference held earlier this month, Microsoft revealed that it tracks the number of accounts getting hacked every month. Across its one billion active users, over 30 million login events are recorded every day. Among these, 99.9% of users aren’t using any MFA methods to secure themselves, which exposes them to potential password hacks. Not just Microsoft, but every other tech firm believes that using Multi-Factor Authentication (MFA) makes it harder for an attacker to break in. Methods like OTP texts and 2FA apps such as Google Authenticator add another layer of security at login.

The statistics revealed by Microsoft are astonishing. It said an average of 0.5% of total accounts get compromised every month, which made up around 1.2 million users in the January 2020 statistics alone. More intriguingly, these hacked accounts include a significant number of enterprise accounts too. Further numbers say that only 11% of the total enterprise accounts use MFA, which is pretty bad, if not worse.
The Common Methods
Microsoft says the attackers use two simple attacks for breaching someone’s account: Password Spraying and Password Replaying. The former is simple: the attacker tries a commonly used password against several usernames, hoping that at least a few will match. The latter is trying an exposed password on other online accounts of the same person, which may open up all the accounts in which the victim used the same password.

Considering the stats and the future, Microsoft suggested that sensitive customers such as enterprises ditch legacy authentication protocols like SMTP, IMAP, POP, etc., which don’t support MFA. Further, the FBI has suggested users set simple passphrases over complicated passwords to make their online activities harder to crack.

Via: Microsoft
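On the defensive side, password spraying leaves a recognisable trace in sign-in logs: one source failing against many different usernames with only a try or two each. The sketch below is an added example, not Microsoft's detection logic; the log format, the thresholds and the function names are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events: time, source IP, username, protocol, result.
SAMPLE_LOG = """\
2020-01-14T09:00:02Z 198.51.100.7 alice IMAP FAIL
2020-01-14T09:00:41Z 198.51.100.7 bob IMAP FAIL
2020-01-14T09:01:15Z 203.0.113.20 bob HTTPS FAIL
2020-01-14T09:01:30Z 198.51.100.7 carol IMAP FAIL
2020-01-14T09:01:52Z 203.0.113.20 bob HTTPS FAIL
2020-01-14T09:02:10Z 198.51.100.7 dave POP FAIL
2020-01-14T09:02:48Z 203.0.113.20 bob HTTPS FAIL
2020-01-14T09:03:05Z 198.51.100.7 erin IMAP FAIL
2020-01-14T09:03:20Z 203.0.113.20 bob HTTPS OK
2020-01-14T09:03:44Z 198.51.100.7 frank IMAP FAIL
"""
LEGACY = {"SMTP", "IMAP", "POP"}  # protocols the article names as lacking MFA support

def parse(log):
    """Yield (timestamp, ip, user, protocol, result) from the assumed log format."""
    for line in log.strip().splitlines():
        ts, ip, user, proto, result = line.split()
        yield datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, proto, result

def find_spray_sources(log, window=timedelta(minutes=10), min_users=5, max_per_user=2):
    """Return {ip: details} for sources whose failures fan out across many accounts."""
    failures = defaultdict(list)
    for ts, ip, user, proto, result in parse(log):
        if result == "FAIL":
            failures[ip].append((ts, user, proto))
    findings = {}
    for ip, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window so it only covers failures within `window` of each other.
            while events[end][0] - events[start][0] > window:
                start += 1
            span = events[start:end + 1]
            per_user = defaultdict(int)
            for _, user, _ in span:
                per_user[user] += 1
            # Spray pattern: many distinct accounts, very few attempts against each.
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                findings[ip] = {
                    "users": sorted(per_user),
                    "legacy_only": all(p in LEGACY for _, _, p in span),
                }
    return findings
```

A single user mistyping a password several times (the 203.0.113.20 rows) stays below the distinct-account threshold and is not flagged, while the `legacy_only` field marks sources that used only the MFA-less protocols the article mentions.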