Updated on November 18, 2024.
Yes, Multi-Factor Authentication (MFA) can be bypassed by cybercriminals if you use weak MFA methods. MFA is a security protocol that requires you to provide additional authentication, apart from your username and password, to gain access to your online accounts. It’s important to understand that not all forms of MFA are created equal in terms of security, so you have to be cautious about how you choose to protect your accounts.
Continue reading to learn how cybercriminals bypass MFA and how you can prevent MFA bypass on your accounts.
How cybercriminals can bypass MFA
Here are a few of the techniques cybercriminals use to bypass MFA.
SIM swapping
In a SIM swapping attack, cybercriminals impersonate you to trick your mobile carrier into thinking you need a new SIM card. They may tell your mobile carrier that you’ve lost or damaged your phone and have another phone to which the SIM card can be “swapped.” If a cybercriminal successfully tricks your mobile carrier into swapping your SIM card onto their device, they’ll be able to receive your text messages and phone calls. If you have SMS authentication enabled as a form of MFA, the cybercriminal can receive your Two-Factor Authentication (2FA) codes and gain access to your accounts.
Social engineering
Social engineering is a psychological manipulation technique used to get others to do things or reveal private information. A common type of social engineering is phishing, in which a threat actor texts, emails or calls you in an attempt to trick you into giving away your sensitive information.
To bypass MFA, threat actors may send you emails or text messages asking for your 2FA code, or send you a text with a link that’ll direct you to a spoofed website. If you click on that link, you’ll most likely be prompted to enter your login credentials and 2FA code. By entering this information on the spoofed website, you’re essentially handing over your credentials to the cybercriminal, who can then use them to compromise your actual account.
Email account takeover
An email account takeover is when a cybercriminal gains access to your email account and locks you out of it by changing your password. Having your email account taken over can be dangerous because almost all of your online accounts are connected to your email. If you’re someone who receives their 2FA codes through email, an email account takeover allows a cybercriminal to bypass MFA for every account that uses it as an MFA method.
Man-in-the-middle attacks
Man-in-the-Middle (MITM) attacks are a type of cyber attack in which cybercriminals intercept information being transmitted between two parties. Cybercriminals rely on fabricated and public WiFi networks because they are unencrypted and allow them to see the internet traffic of anyone connected. When a person is connected to an unencrypted WiFi network, cybercriminals can eavesdrop on, steal and alter the transmitted data. Cybercriminals use MITM attacks to bypass MFA by intercepting a user’s login credentials and 2FA codes that are transmitted over the internet, such as the 2FA codes you receive through email.
How to prevent MFA bypass on your accounts
Here’s how you can prevent cybercriminals from bypassing your MFA method and compromising your account.
Use secure MFA methods
The best way to prevent MFA bypass is to only use MFA methods that are secure. While receiving 2FA codes through email or text is convenient, these are also the easiest MFA methods for cybercriminals to bypass, so they should be avoided if other verification options are available. Here are a few MFA methods you should consider using instead:
- Authenticator app: Authenticator apps generate Time-Based One-Time Passwords (TOTP) locally on your device. The TOTP will last for 30 to 60 seconds. After the TOTP expires, the authenticator app will generate a new, unique TOTP code based on a secret algorithm.
- Hardware security key: Hardware security keys are physical USB-like devices that authenticate your identity. To authenticate yourself using a security key all you have to do is tap or insert it into your device.
- Passkey: Passkeys are a newer authentication technology that enables you to verify your identity the same way you log in to your devices, such as by using Face ID or your fingerprint. Depending on the website or application, you may be able to use passkeys as a sign-in method or only as an additional verification method.
Avoid sharing 2FA codes
Cybercriminals may try to steal your 2FA codes by sending you phishing emails and texts. No legitimate company will ever ask you to reveal your login credentials or 2FA codes via email, text or phone call. If you’re asked to provide this information, don’t. Instead, avoid interacting with the message and block the number or email address immediately so they’re unable to contact you again. You might also want to alert the company they were impersonating to let them know that cybercriminals are targeting their users.
Protect accounts with strong passwords
For a cybercriminal to bypass your MFA method, they would first need to know your password. It’s important to ensure each of your accounts is using a strong, unique password that can’t be easily guessed or cracked by cybercriminals. The best way to protect your accounts from compromise is by using a password manager. Password managers aid you in creating, storing, managing and sharing your login credentials. By using a password manager to secure your accounts, you’ll no longer need to remember passwords on your own because the password manager stores them for you in a secure vault that only you can access with your master password or biometrics.
Use Keeper® to prevent MFA bypass attacks
One of the best and most convenient ways to prevent MFA bypass is by using an authenticator app as your main method of MFA. Because authenticator apps generate 2FA codes locally on your device, it is difficult for cybercriminals to steal them. A little-known benefit of using a password manager like Keeper is that it can generate and store your 2FA codes. By storing your passwords and 2FA codes in the same vault, you can log in to your accounts more seamlessly without having to juggle multiple applications.
Keeper Password Manager has integrated 2FA codes into its application to improve the security of your online accounts and simplify your login process. Curious to see how Keeper helps you secure your online accounts with strong passwords and MFA? Start a free 30-day trial today.