Enabling Multi-Factor Authentication (MFA) is a cybersecurity best practice that helps protect online accounts from unauthorized access; however, not all forms of MFA are created equally in terms of security. There are ways that cybercriminals can bypass MFA. Some MFA methods are more vulnerable to cyber attacks and are often exploited by cybercriminals. There are methods of MFA that do a better job of protecting your online accounts; you just have to choose the correct option.
Continue reading to learn more about MFA, MFA bypass techniques cybercriminals use and how you can prevent MFA bypass.
What Is Multi-Factor Authentication?
Multi-factor authentication is a security protocol that requires people to provide additional authentication to gain access to their online accounts. When MFA is enabled, individuals must provide their login credentials along with another form of verification. MFA requires people to provide at least two different types of authentication factors. The different types of authentication factors include:
- Something you know: This type of authentication proves your identity based on something the user knows such as a password, answer to security question or PIN.
- Something you have: This type of authentication proves your identity based on something the user physically has such as a security key or One-Time Password (OTP).
- Something you are: This type of authentication proves your identity based on your unique biometric characteristics such as your face for facial recognition.
MFA adds an extra layer of security and protects online accounts from unauthorized access. Even if a user’s login credentials were compromised, cybercriminals could not access the account unless they also obtained the additional authentication factor.
MFA Bypass Techniques
Although MFA provides better protection for online accounts, it is not perfect. Some MFA methods can be bypassed by cybercriminals using a variety of techniques. Here are the techniques cybercriminals use to bypass MFA.
SIM swapping
A SIM card is a small card containing a chip that allows you to send and receive text messages and phone calls. SIM swapping is when a cybercriminal impersonates someone to convince a mobile carrier to activate a new SIM card. Cybercriminals will research their target to impersonate them and trick their mobile carrier into thinking they need a new SIM card. They will say their phone was damaged or lost but have a new phone that needs a new SIM card.
Once the cybercriminal has a new SIM card, they can receive the victim’s text messages and phone calls. Cybercriminals use SIM swapping to receive the victim’s 2FA codes from SMS authentication to gain access to their online accounts.
Social engineering
Social engineering is the psychological manipulation used to get others to do things or reveal private information. Threat actors will research the target to tailor their attack. They will impersonate a familiar face of the victim such as a company the victim often interacts with. The threat actor will use phishing to trick users into revealing personal information.
To bypass MFA, threat actors will send emails or text messages asking for a victim’s 2FA code or linking them to a spoofed website that will prompt them to enter their login credentials and 2FA code.
Email account takeover
An account takeover is a type of identity theft in which cybercriminals gain unauthorized access to someone’s online account and take it over. An email account takeover is a type of account takeover in which cybercriminals take over someone’s email account. Once a cybercriminal has gained access to a user’s account, they can lock the user out, monitor their activity, access their sensitive information, take over other accounts and impersonate them.
Some users will opt for email authentication in which they receive 2FA codes through their email account as their form of MFA. Cybercriminals will try to take over email accounts to steal 2FA codes and gain access to other online accounts.
Man-in-the-middle attacks
Man-in-the-Middle (MITM) attacks are a type of cyber attack in which cybercriminals place themselves between two exchanging parties to intercept transmitted data. Cybercriminals rely on fabricated and public WiFi networks because they are unencrypted and allow them to see any connected internet traffic. When a person is connected to an unencrypted WiFi network, cybercriminals can eavesdrop, steal and alter the transmitted data.
Cybercriminals use MITM attacks to bypass MFA by intercepting a user’s login credentials and any 2FA codes that have been transmitted over the internet, such as through email authentication. Cybercriminals then use the login credentials and 2FA code to access the account.
Malware
Malware is malicious software that cybercriminals use to infect a person’s device and steal their sensitive information. Cybercriminals will infect a person’s device using a variety of different methods such as phishing, spoofed websites, drive-by downloads, exploit kits, malvertising and Trojans. Once installed, cybercriminals can use malware to spy, alter or destroy their files, steal their sensitive data, damage their device or take control of a device.
Cybercriminals can use malware to bypass MFA. Once malware is installed on a device, it allows cybercriminals to take control and access 2FA codes that are stored on it.
How To Prevent MFA Bypass
People can prevent MFA bypass by using secure methods of MFA and following cybersecurity best practices. Here are the ways to prevent MFA bypass.
Use an authenticator app for MFA
An authenticator app is an application that is used as an additional method of authentication for MFA. It generates Time-Based One-Time Passwords (TOTP) locally on the user’s device. The TOTP will last for 30 to 60 seconds. After the TOTP expires, the authenticator app will generate a new and unique TOTP code based on a secret algorithm. A person will use their login credentials along with the TOTP code that the authenticator app generated to log in to their account.
To prevent MFA bypass, people should avoid using SMS and email authentication and instead use an authenticator app. SMS and email authentication can easily be intercepted by cybercriminals using SIM swapping and MITM attacks. Because authenticator apps generate TOTP codes locally instead of transmitting them over the internet, they are much safer to use and harder for cybercriminals to steal.
Avoid sharing 2FA codes
Cybercriminals will try to steal 2FA codes using social engineering attacks that trick you into revealing them. You should avoid unsolicited messages that prompt you to share 2FA codes. You should only share 2FA codes when you are trying to log in to your account.
Use security keys
A security key is a physical form of authentication that provides you access to systems, applications and accounts. It is often used as another form of authentication for MFA. Security keys are one of the strongest forms of MFA since they are something you physically have. Because you physically have the security key, it is difficult for a cybercriminal to steal it to gain access to your accounts. Security keys are also easy to use. All you have to do to authenticate yourself is tap the security key or insert it into your device. However, security keys are not accepted everywhere, so you should opt to use security keys wherever you can.
Protect accounts with strong passwords
Cybercriminals use a variety of techniques to steal MFA codes that allow them access to an online account. However, they cannot bypass MFA and gain access to your online account if you protect it with strong and unique passwords. If you use a strong password, you make it difficult for cybercriminals to guess your login credentials, which would prevent them from attempting to bypass MFA.
A strong password is at least 16 characters long and contains a unique and random combination of uppercase and lowercase letters, numbers and special characters. It avoids including any personal information, sequential numbers and letters, and commonly used dictionary words.
Stay educated about cyber threats
To prevent falling victim to MFA bypass, you need to stay educated about the latest cyber threats. Cybercriminals are constantly developing new ways to bypass MFA and gain access to your online accounts. You need to learn about cyber threats to recognize and avoid them.
Use Keeper® To Prevent MFA Bypass
One of the best and most convenient ways to prevent MFA bypass is by using an authenticator app as your main method of MFA. Because authenticator apps generate 2FA codes locally on your device, it makes it difficult for cybercriminals to steal them. To help simplify logging in to your accounts, you should use a password manager as your authenticator app.
A password manager is a tool that securely stores and manages your personal information in a digital vault. Good password managers have integrated authenticator app features that locally generate 2FA codes within the tool. They will store login pages in the vault and automatically fill in your login credentials and 2FA codes when you try to log in to your account.
Keeper Password Manager has integrated 2FA codes into the app to improve the security of your online accounts and simplify the login process. Sign up for a free trial of Keeper Password Manager to protect your online accounts and prevent MFA bypass.
