MFA Fatigue and the resilience of phishing

As we discussed last month, while MFA is a great layer of protection it is not full-proof, something which UBER discovered recently much to it’s dismay. As ever in fraud and ‘cons’, sometimes the simplest methods are the most effective.  While there has been a rise in advanced Phishing as a Service (PhaaS) offerings that aim…

Read more

There are no silver bullets

An article today by TechRadar about a new Phishng-as-a-Service with MFA bypass as a key selling point reminded me of something from a few years back, I was at a security event and attending a presentation by a reputable cyber security form on social engineering. Towards the end of the presentation they began summarising some…

Read more

MFA: What it is and what it’s not

When a user ‘logs on’ to a system or application with a username and password, they are going through the process of authentication – literally verifying that the login is ‘authentic’. Unfortunately, an authentication system based on two pieces of text (username and password) is only as strong as the security of the pieces of…

Read more