Microsoft: 99.9% of compromised accounts did not have multi-factor authentication enabled

At last week's RSA security conference, Microsoft engineers said that 99.9% of the compromised accounts they track each month did not have multi-factor authentication (MFA) enabled, a solution that can automatically block most account attacks.

According to Microsoft's data, the company tracks more than 30 billion login events per day and over 1 billion monthly active users. On average, about 0.5% of accounts are compromised each month; in January 2020, that figure was about 1.2 million.

The situation is worse when an enterprise account is compromised. Microsoft said that as of January 2020, only 11% of these highly sensitive accounts had a multi-factor authentication (MFA) solution enabled.

Most Microsoft account compromises come from password spraying: the attacker picks a relatively easy-to-guess password and tries it against one account after another, then repeats the process with a second password, and so on.

The second major attack is password replay: the attacker takes a set of credentials leaked from one platform and tries to sign in with them on another, which works when a user reuses the same account password across platforms.

Microsoft Identity and Security Architect Lee Walker pointed out that 60% of users reuse passwords, so it is best not to mix them, and accounts for corporate and non-corporate environments should also be kept separate.

Both types of attack are mostly carried out against older authentication protocols such as SMTP, IMAP and POP, mainly because these legacy protocols do not support MFA, which makes them easy for attackers to exploit.
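A defender-side sketch of how the spray pattern described above shows up in sign-in logs, as an added example that is not from Microsoft or the original article. The event format, the thresholds and the function name detect_spray are assumptions, and the sample events are constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

LEGACY = {"SMTP", "IMAP", "POP"}  # legacy protocols named in the article

# Constructed sample events: (time, source IP, account, protocol, success)
EVENTS = [
    ("2020-01-10T09:00:00", "203.0.113.7", "alice", "IMAP", False),
    ("2020-01-10T09:00:40", "203.0.113.7", "bob", "IMAP", False),
    ("2020-01-10T09:01:15", "203.0.113.7", "carol", "POP", False),
    ("2020-01-10T09:02:05", "203.0.113.7", "dave", "SMTP", False),
    ("2020-01-10T09:02:50", "203.0.113.7", "erin", "IMAP", False),
    ("2020-01-10T09:05:00", "198.51.100.20", "frank", "HTTPS", False),
    ("2020-01-10T09:05:20", "198.51.100.20", "frank", "HTTPS", False),
    ("2020-01-10T09:05:45", "198.51.100.20", "frank", "HTTPS", False),
    ("2020-01-10T09:06:10", "198.51.100.20", "frank", "HTTPS", True),
    ("2020-01-10T09:10:00", "192.0.2.5", "grace", "HTTPS", False),
    ("2020-01-10T09:11:00", "192.0.2.5", "heidi", "IMAP", False),
]

def detect_spray(events, window=timedelta(minutes=30),
                 min_accounts=4, max_per_account=2):
    """Flag sources whose failed sign-ins touch many distinct accounts,
    with only a few tries per account, inside one sliding time window."""
    failures = defaultdict(list)
    for ts, src, account, proto, ok in events:
        if not ok:
            failures[src].append((datetime.fromisoformat(ts), account, proto))
    findings = {}
    for src, fails in failures.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1  # drop failures older than the window
            span = fails[start:end + 1]
            tries = Counter(account for _, account, _ in span)
            best = len(findings.get(src, {}).get("accounts", []))
            if (len(tries) >= min_accounts and len(tries) > best
                    and max(tries.values()) <= max_per_account):
                findings[src] = {
                    "accounts": sorted(tries),
                    "legacy_share": sum(p in LEGACY for _, _, p in span) / len(span),
                }
    return findings

if __name__ == "__main__":
    print(detect_spray(EVENTS))
```

The user who mistypes one password several times (frank) is not flagged, because the signal is the number of distinct accounts per source rather than the number of failures.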

Walker reminded organizations that still use legacy authentication protocols to disable them immediately. Microsoft's data shows that tenants that disabled the legacy protocols saw their account compromise rate fall by 67%.

In addition, Microsoft recommends that every organization give priority to enabling an MFA solution for user accounts: "This will prevent 99.9% of account hacks."

Source: ZDNet


Origin www.oschina.net/news/113904/microsoft-99-9-of-compromised-accounts-did-not-use-mfa