The increasing use of multi-factor authentication (MFA) to secure accounts is a welcomed improvement over static username/password combinations, and it's long overdue. Unfortunately, there are several multi-factor authentication bypass techniques that can put virtually every organization's data at risk, both on premise and in the cloud. It is imperative that those responsible for securing sensitive data understand the impact of these attacks so they can build robust, defensible architectures that protect against these advanced adversary Tactics, Techniques, and Procedures (TTPs).
This talk will explore powerful techniques that can bypass most modern strong authentication methods: