Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    The Good, the Bad, and the Ugly About MFA

    Learning Lessons of MFAI have been in computer security for over 34 years now. Yeah, even I cannot believe how long it has been. I have been a penetration tester over 20 of those years and worked on dozens of MFA and MFA hacking projects. But it was not until I developed a webinar for KnowBe4 called the 12 Ways to Hack MFA that I understood how many people were craving any information on MFA that they could find. It easily became my most requested webinar, and it still is. I taught it to hundreds of groups over the last two years, and I had standing-room only crowds at both Black Hat and RSA security conferences when they were available in person. I ended up writing an e-book on it for KnowBe4 and even helped to develop a quiz tool that mimicked my brain trying to hack your favorite MFA solution. Along the journey I learned about many more ways to hack various types of MFA. I ended up putting the over 50 ways anyone can hack MFA into a Wiley book called, Hacking Multifactor Authentication.

    In the process of all that activity, writing, and testing, I have hacked or security reviewed over 150 MFA products. I have learned a lot. I have even learned new things I wish I had put in the book. I am going to share the most important facts that I have learned about MFA solutions over the last few years in my latest webinar on the subject, “Hacking Multifactor Authentication: An IT Pro’s Lessons Learned After Testing 150 MFA Solutions”. The first showing is March 10 th@ 2:00 PM ET. If you are interested in learning more about MFA, you should attend this webinar.

    In the webinar, I start out by discussing all the different types of MFA, including some obscure ones that most people have probably never heard of. Then I discuss how the different types of MFA solutions can be hacked. I cover what the best types of MFA do to prevent attacks and I cover the MFA solutions that, I myself, would never use, if I didn’t have to. It is the good, the bad, and the ugly about MFA. I even tell you how you can pick the best MFA for yourself and your organization.

    Let me share a few tidbits that I discuss in the webinar:

    • How your favorite MFA solution can be hacked
    • What is wrong with SMS-based MFA and why you should not use it, if you can avoid it
    • The good and bad about phone-based MFA
    • What makes one OTP MFA solution better than another
    • What MFA standards you should look for when choosing a solution
    • When you should run away from an MFA vendor

    It also contains another video of uber hacker and KnowBe4’s chief hacking officer, Kevin Mitnick, bypassing a very popular web service’s MFA like it was not even there.

    Again, I hope to see you there: “Hacking Multifactor Authentication: An IT Pro’s Lessons Learned After Testing 150 MFA Solutions”

    Register by March 10th @ 2:00 PM ET!

    Save My Spot!

    Don't like to click on redirected links? Copy & paste this link into your browser:: https://event.on24.com/wcc/r/3040030/F3E95D7CCE5D2D01F58D74C0BCB89C0F?partnerref=blog

     

    Return To KnowBe4 Security Blog

    Topics: MFA

    Roger Grimes

    ABOUT ROGER GRIMES

    Roger A. Grimes is Data-Driven Defense Evangelist at KnowBe4. He is a 30-year computer security professional, author of 13 books and over 1,200 national magazine articles. He frequently consults with international organizations of all sizes and many of the world’s militaries. Grimes regularly presents at national computer security conferences, and is known for his often contrarian, fact-filled viewpoints.

    Read more from Roger »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews