"You know, we are protected against phishing because we have implemented multi-factor authentication." This phrase, we have heard it too many times.
As you know, at Arsen we are very committed to raising awareness among employees about cybersecurity.
Where a trained and aware employee is an active defense for the company, an untrained person represents a real danger.
Indeed, a user who has not been properly prepared is a weak link that can be exploited and can bypass the tools and technical protections in place.
In this article, I will show you in a video how from a simple phishing email, we can bypass multi-factor authentication, also known as MFA or 2FA.
Demonstration
Conclusion
As you have understood, 2FA is not a miracle solution that will solve all your identification problems.
It is a good practice that allows for better control over identity and will likely deter or prevent certain attacks.
However, a motivated and skilled cybercriminal will be able to bypass this type of protection if your employees are not properly trained and aware.