According to the 2017 Verizon Data Breach Investigations Report “81% of hacking-related breaches leveraged either stolen and/or weak passwords.” A solution to this problem is to use Multifactor Authentication to prevent a stolen password from being enough for an adversary to gain access to critical systems. This has been true for a long time. Yet MFA is still only used for specific use cases, like remote access. And even there, not universally. Why is this? It is because MFA has traditionally been what social scientists call “a pain-in-the-ass” for both users and IT.
Let’s face it. The current security stack of firewalls amalgamated with a dozen other security products has been rendered irrelevant by advanced cyberthreats, from predatory malware to credential theft and man-in-the-middle attacks. And with certainty we can predict more attacks (and larger attacks) into increasingly sensitive apps and databases.