Sponsored by Abnormal Security, Enzoic, OpenText, and Token
Published September 2024
Executive summary
Data breaches and ransomware attacks make headlines every day in the mainstream news. These articles routinely comment on the need for multi-factor authentication (MFA), especially if it wasn’t used. This emphasis can give the impression of MFA as a silver bullet, and that using it can easily prevent breaches. However, the reality is more complex. It is more accurate to say that while the presence of MFA reduces the likelihood of a breach, not all MFA is created equal, and the risk of data breaches continues to rise even as organizations implement MFA.
Despite these challenges, we strongly advise organizations to continue using MFA. Instead of abandoning it, organizations should focus on improving and strengthening how MFA is implemented—including the types of MFA being used. This should be part of a broader effort to reinforce security measures throughout the entire authentication process, ensuring that every step is as secure as possible given the risks involved.