Nearly every breached Microsoft account doesn’t have a multi-factor authentication solution enabled. What about your account? Do you know if it’s secure?
Multi-factor authentication is a great way to add an extra layer of protection to the existing system and account logins. By requiring a second piece of information like a randomly-generated numerical code sent by text message, you’re able to make sure that the person using the login credentials is actually who they say they are. Biometrics like fingerprints, voice, or even iris scans are also options, as are physical objects like keycards.
Despite how basic and easy to use multi-factor authentication is, nearly every login event Microsoft tracks uses only basic authentication processes – a username and password. In January 2020, that resulted in 1.2 million breached accounts.
How Do Cybercriminals Compromise Unprotected Accounts?
Without a multi-factor authentication solution in place, user accounts are vulnerable to basic cybercrime attack vectors, including:
- Password Spraying
Microsoft engineers noted that a majority of the attacks use a method called password spraying, in which the cybercriminal picks a likely password, and uses it on a long list of usernames.
- Password Replays
The second most prevalent attack type was password replaying, in which cybercriminals use a password from one company’s account and try it on another. This takes advantage of the 60% of users who reuse their passwords.
These techniques are particularly effective against legacy authentication protocols, including SMTP, IMAP, and POP. In fact, 99% of password spraying attacks and 97% of password replay attacks target these out-of-date protocols, because they don’t integrate with multi-factor authentication solutions.
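A defender-side sketch of how the password spraying pattern described above shows up in sign-in logs: one source failing against many distinct usernames over SMTP, IMAP or POP. This is an added example, not code from Microsoft or from the original article; the log line format, the thresholds and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

LEGACY_PROTOCOLS = {"SMTP", "IMAP", "POP"}  # legacy protocols named in the article

def parse(line):
    """Parse one constructed log line: 'timestamp ip user protocol result'."""
    ts, ip, user, proto, result = line.split()
    return datetime.fromisoformat(ts), ip, user.lower(), proto.upper(), result == "OK"

def find_spray_sources(lines, min_users=5, window=timedelta(minutes=30)):
    """Return {ip: usernames} for each IP whose failed legacy-protocol sign-ins
    reach min_users distinct accounts inside one sliding time window.
    The usernames are those in the first window that reaches the threshold."""
    failures = defaultdict(list)
    for ts, ip, user, proto, ok in map(parse, lines):
        if proto in LEGACY_PROTOCOLS and not ok:
            failures[ip].append((ts, user))
    flagged = {}
    for ip, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Advance the left edge until the span fits inside the window.
            while events[end][0] - events[start][0] > window:
                start += 1
            users = {u for _, u in events[start:end + 1]}
            if len(users) >= min_users:
                flagged[ip] = sorted(users)
                break
    return flagged

# Constructed sample data: documentation IP ranges and made-up accounts.
SAMPLE = [
    f"2020-01-15T09:{m:02d}:00 203.0.113.7 user{m}@example.com IMAP FAIL"
    for m in range(6)
] + [
    # One user mistyping a password: repeated failures, but a single account.
    "2020-01-15T09:10:00 198.51.100.4 alice@example.com IMAP FAIL",
    "2020-01-15T09:11:00 198.51.100.4 alice@example.com IMAP FAIL",
    "2020-01-15T09:12:00 198.51.100.4 alice@example.com IMAP OK",
    # Failure over a protocol outside the legacy set ("HTTPS" is a made-up label).
    "2020-01-15T09:20:00 192.0.2.9 bob@example.com HTTPS FAIL",
]

if __name__ == "__main__":
    for ip, users in find_spray_sources(SAMPLE).items():
        print(ip, "failed legacy sign-ins for", len(users), "accounts")
```

Counting distinct usernames per source, rather than raw failures, is what separates spraying from a single user retrying a forgotten password.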
How Can You Protect Your Microsoft Account?
You need to disable legacy authentication protocols and update to one that supports multi-factor authentication. Microsoft notes that doing so has resulted in a 67% reduction in breaches.
If you’re unsure about how to implement a multi-factor authentication solution, don’t try to handle it all on your own. The TLC Tech team will help you evaluate your password practices and security measures as a whole to make sure you’re not taking on any unnecessary risks.