Two-Factor, Too Furious: Evading (and Protecting) Evolving MFA Schemes

Multifactor authentication is often the first (and too often, the last) line of defense against motivated attackers trying to get access to sensitive data. While is it correctly hailed as a cornerstone of in-depth network defense, adoption rates are outpacing education about the real-world attack scenarios levied against MFA schemes everyday. Here, we present an attempt at a modern threat model of MFA schemes today, with a breakdown of both classic and novel tools and techniques and what security teams responsible with enforcing MFA can do about it.

Presented by