MFA bypass has become a hot-button issue in the cybersecurity industry. It occurs when fraudsters avoid the MFA step entirely and log in after completing a single authentication step (generally entering the correct password). This means that while legitimate customers go through MFA flows, fraudsters can skip them altogether. I recently spoke with Bill Fish, Prove’s VP of Authentication, about what companies can do to prevent MFA bypass and protect themselves from this growing security threat.
The interview has been edited for brevity and clarity.
Bill: There are many ways fraudsters can bypass authenticators, but here are three of the most common methods:
Bill: Here are a few of the most powerful ways Prove can prevent MFA bypass from taking place:
Bill: Many companies will "bootstrap" authentication devices with an existing username and password. This makes the new "strong" authenticator only as good as the UN/PW, and the user is no more secure as a result. Prove recommends our PRO model of Possession, Reputation, and Ownership, which allows the new, encrypted keys to inherit the high level of confidence Prove is able to generate.
When using a mobile phone as a second factor, using a cryptographic key on that device will be the best way to have confidence in the MFA. The first time that device is seen, there should also be checks to make sure that the phone number can be trusted before establishing those keys.
Strong binding helps not only to establish the multi-factor credential the first time a user shows up but also is needed when the user changes phones. That happens every couple of years on average for a user, so handling that change will be critical. Prove's strong binding makes that process painless.
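The binding rule described in the answers above, as an added Go sketch that is not part of the interview and not Prove's code: a device key is bound, or replaced after a phone change, only when phone possession and number trust have been established, never on the password alone. The `Evidence` fields, `Registry`, the function names and the choice of Ed25519 are assumptions, and how the trust signals are obtained is out of scope.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Evidence: what was verified at binding time (hypothetical field names).
type Evidence struct{ PasswordOK, PhonePossession, NumberTrusted bool }

// Registry holds the one device public key currently bound to each user.
type Registry map[string]ed25519.PublicKey

var ErrBindingRefused = errors.New("binding refused: phone not proven")

// Bind serves first enrollment and phone changes alike; PasswordOK alone never suffices.
func (r Registry) Bind(user string, pub ed25519.PublicKey, ev Evidence) error {
	if len(pub) != ed25519.PublicKeySize || !ev.PhonePossession || !ev.NumberTrusted {
		return ErrBindingRefused
	}
	r[user] = pub
	return nil
}

// Verify accepts a login only if the bound key signed the server's challenge.
func (r Registry) Verify(user string, challenge, sig []byte) bool {
	pub, ok := r[user]
	return ok && ed25519.Verify(pub, challenge, sig)
}

// NewDeviceKey stands in for key generation on the phone; only pub leaves it.
func NewDeviceKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// SignChallenge is the device side of a login.
func SignChallenge(priv ed25519.PrivateKey, c []byte) []byte { return ed25519.Sign(priv, c) }

func main() {
	reg, c := Registry{}, []byte("constructed challenge; real ones are fresh random bytes")
	pub, priv := NewDeviceKey()
	fmt.Println(reg.Bind("alice", pub, Evidence{PasswordOK: true}))
	fmt.Println(reg.Bind("alice", pub, Evidence{true, true, true}))
	fmt.Println(reg.Verify("alice", c, SignChallenge(priv, c)))
}
```

Because `Bind` is the only path to a stored key, someone who knows just the password can neither enroll a first device nor swap in a new one, and a legitimate phone change invalidates the old key.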
Fraudsters are leveraging the MFA bypass technique at unprecedented rates, posing a major threat to companies. To fortify against MFA bypass and prevent fraud, companies can leverage Prove’s cryptographic authentication technology without compromising the user experience.