Microsoft: 99.9% of hacked accounts do not use multi-factor authentication

At last week’s RSA security conference, Microsoft engineers said that 99.9 percent of the compromised accounts they track each month did not use multi-factor authentication, a solution that prevents most automated account attacks.

The cloud computing giant says it tracks more than 30 billion sign-ins every day and more than 1 billion active users per month. The data show that, on average, about 0.5 percent of accounts are hacked each month, and by January 2020 that number was about 1.2 million.

Microsoft says that as of January 2020, only 11 percent of highly sensitive enterprise accounts have a multi-factor authentication (MFA) solution enabled.

In most cases, account intrusions follow a fairly simple attack. The main way Microsoft accounts are hacked is that the attacker picks a common, easy-to-guess password and tries it against a large number of user names until the password gives access to an account.
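In sign-in logs, the pattern described above shows up as one source failing against many accounts with only a few tries per account. The following detection sketch is an added example, not code from Microsoft or the original article; the event layout, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sign-in events: (timestamp, source IP, username, succeeded).
# IPs are documentation ranges and usernames are invented for this example.
SAMPLE_EVENTS = (
    [(f"2020-01-15T09:0{i}:00", "203.0.113.7", u, False)
     for i, u in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"])]
    + [("2020-01-15T09:06:00", "203.0.113.7", "grace", True)]       # guess worked
    + [(f"2020-01-15T10:0{i}:00", "198.51.100.9", "alice", False)   # one-account guessing
       for i in range(6)]
    + [("2020-01-15T11:00:00", "192.0.2.4", "heidi", False),        # ordinary typo
       ("2020-01-15T11:00:30", "192.0.2.4", "heidi", True)]
)

def find_spray_sources(events, window=timedelta(minutes=30),
                       min_users=5, max_tries_per_user=2):
    """Flag sources whose failures inside one window touch many accounts
    with only a few tries each. Thresholds are assumptions to tune."""
    failures = defaultdict(list)
    for ts, ip, user, ok in events:
        if not ok:
            failures[ip].append((datetime.fromisoformat(ts), user))
    flagged = defaultdict(set)
    for ip, rows in failures.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Slide the window start forward until it spans at most `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            tries = Counter(user for _, user in rows[start:end + 1])
            if len(tries) >= min_users and max(tries.values()) <= max_tries_per_user:
                flagged[ip].update(tries)
    return {ip: sorted(users) for ip, users in flagged.items()}

def accounts_at_risk(events, flagged):
    """Accounts that signed in successfully from a flagged source."""
    hits = defaultdict(set)
    for _, ip, user, ok in events:
        if ok and ip in flagged:
            hits[ip].add(user)
    return {ip: sorted(users) for ip, users in hits.items()}

if __name__ == "__main__":
    spray = find_spray_sources(SAMPLE_EVENTS)
    print(spray)
    print(accounts_at_risk(SAMPLE_EVENTS, spray))
```

Accounts returned by `accounts_at_risk` are the ones to reset and enroll in MFA first, since a successful sign-in from a flagged source suggests the guessed password matched.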

Microsoft says the second source of hacked accounts is reused passwords: attackers obtain credentials that were leaked from another platform and then try the same credentials on a Microsoft account, which succeeds when the user has reused the same username and password.

According to Microsoft, the first thing every company should do is enable a multi-factor authentication solution for user accounts. Since last year, Microsoft has been asking companies and users to enable multi-factor authentication, which prevents 99.9 percent of accounts from being hacked. (ZDNet)