In January alone, Microsoft warns that 1.2 million accounts were compromised and most of them were preventable by one simple security measure – multi-factor authentication (MFA). The 1.2 million figure is around 0.5% of enterprise accounts on their systems – that’s a staggering amount. Alexander Weinert, Microsoft’s Director of Identity Security, told an RSA, “If you have an organization of 10,000 users, 50 of them are going to be compromised this month.”
Even more surprising, it was revealed that though there are multiple tools available to defend against all but the most sophisticated of these attacks, only 11% of enterprise users make use of those tools. A compromised account is an issue—regardless of the level of exposure, especially since 80% of those 1.2 million attacks in January could likely have been prevented with simple things like strong passwords, no password reuse and MFA.
Multi-factor authentication is the simplest possible add-on to a username and password and even the most basic MFA which comprises of a one-time passcode sent by email or SMS is immeasurably better than not having anything at all. “Multi-factor authentication,” Microsoft confirmed, “would have prevented the vast majority of those one-million compromised accounts.”Back to News