Are You Being Sold a Bill of Goods With MFA Security? #190

In Episode #190, Bill is joined by computer security expert and Data-Driven Defense Evangelist at KnowBe4, Roger Grimes.

There are a lot of misconceptions surrounding MFA and what it can and can’t do. The thing that opened people’s eyes to just how simple it is to get around MFA was when Kevin Mitnick, formerly “The World’s Most Wanted Hacker,” now the Chief Hacking Officer at KnowBe4, gave a demonstration on how to hack the MFA around LinkedIn. (Link to demo)

People couldn’t believe how simple it was to get around MFA. The expectation was that MFA would leave you protected from 100% of hacking 100% of the time. They had been sold a false bill of goods.

Bill loves this quote from Roger where he puts MFA into perspective: “The vast majority of hacking doesn’t care about your MFA. But MFA will significantly reduce the risk of, let’s say, phishing; they’re trying to get your password. If you don’t have a password, they can’t phish you out of it. So, there’s a difference between saying MFA significantly reduces, significantly from 100% to 1%, many forms of hacking, of authentication hacking.”