Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    [NEW BOOK] Hacking Multi-Factor Authentication

    Hacking MFA BookI’m excited to announce the release of my 12th book, Hacking Multifactor Authentication.

    Most people think using multi-factor authentication (MFA) makes them impervious to hacking, but that simply isn't true. The book covers over 50 ways to hack MFA, including many as simple as a phishing email. The book begins by explaining why passwords are so bad and why MFA is supposedly coming to the rescue. It then covers all the ways anyone can hack various MFA products. Any MFA solution can be hacked at least 4-5 ways and most over ten ways. If you’ve been told or read that using MFA makes you far less likely to be hacked you’ve been lied to. MFA is good, but if you've been told you can relax your defenses you'll be worse off in the end.

    The book discusses how MFA works behind the scenes, how it can be hacked, and what developers and end-users can do to make their MFA solution as resistant to hacking as is possible. It covers all the various types of MFA solutions, gives a framework for threat modeling and penetration testing various MFA software and hardware, and gives a checklist anyone can use to help them pick the right MFA solution for their organization. It even covers when additional security is too much security and picks winners and losers in the MFA world. Hacking Multifactor Authentication is the first book to focus solely on MFA authentication and security, including all strengths and weaknesses. It cuts away the marketing hype and will make any reader an MFA security expert.

    To be clear, MFA does significantly cutdown on many types of hacking. For example, if you don't have a password (and use MFA instead), any phishing attack asking for your password is not going to work. But there is a huge difference between saying that MFA makes many forms of hacking less likely to succeed and that MFA makes it unlikely you'll be hacked. In fact, once hackers know you use MFA, you can even be tricked easier if you aren't aware of the potential attack types. The key to using MFA correctly, is to make sure you use a good MFA implementation and solution and to educate the end-users about the various types of attacks against they that may still be successful. An educated security user is a better and more secure user.

    Check out my LinkedIn article here. Happy Reading! 

     

    Return To KnowBe4 Security Blog

    12 Ways to Defeat Multi-Factor Authentication On-Demand Webinar

    Webinars19Roger A. Grimes, KnowBe4's Data-Driven Defense Evangelist, explores 12 ways hackers use social engineering to trick your users into revealing sensitive data or enabling malicious code to run. Plus, he shares a hacking demo by KnowBe4's Chief Hacking Officer, Kevin Mitnick.

    Watch the Webinar

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://info.knowbe4.com/webinar-12-ways-to-defeat-mfa

    Topics: Phishing, Password Security, MFA

    Roger Grimes

    ABOUT ROGER GRIMES

    Roger A. Grimes is Data-Driven Defense Evangelist at KnowBe4. He is a 30-year computer security professional, author of 13 books and over 1,200 national magazine articles. He frequently consults with international organizations of all sizes and many of the world’s militaries. Grimes regularly presents at national computer security conferences, and is known for his often contrarian, fact-filled viewpoints.

    Read more from Roger »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews