While multi-factor authentication (MFA) is still critical in cybersecurity, enterprises should complement it with stronger authentication methods. Traditional MFA methods, like SMS and push notifications, are nearly as vulnerable as passwords alone. With phishing attacks and advanced artificial intelligence (AI) tools, attackers can easily bypass MFA methods and trick users into providing their credentials. Passwordless methods, such as passkeys, biometrics and geolocation, are gradually replacing traditional MFA methods. Data privacy is also crucial when designing a fail-safe strategy to safeguard confidential information even after a cybersecurity breach.
MFA became mainstream in the mid-1990s to 2000s as more enterprises went online. But hackers are cunning and crafty, and they constantly come up with new ways to break through the fortress of MFA. Thanks to increasingly sophisticated AI tools, stealthy threat actors can craft phishing campaigns “at mass scale” that use advanced psychological tactics and even make situations seem urgent to their victims.
Biometric tools such as fingerprint or facial recognition can supplement traditional MFA. You can sign into apps and websites after 3D mapping verification, device trust registration and fingerprint scanning. However, even biometric methods are not completely foolproof. Hackers may use deepfakes or steal a photo of the legitimate user to bypass biometric tools.
Organizations should also not neglect analytics tools and the pertinent data they collect, which can help boost their cybersecurity even after the fact. Advanced analytics can support identity threat detection when attackers bypass MFA, providing a fail-safe strategy. Personally identifiable information (PII) must be cryptographically protected (masked, tokenized or encrypted) to make it useless to attackers even amidst a data breach.
MFA is here to stay, and weak MFA is still better than having none. However, in the end, there’s never going to be a single factor that in and of itself is completely secure.