Multi-factor authentication (MFA) is a security tool used to help protect access to your various online accounts. This year, Bethel began requiring MFA be used when connecting to resources from off-campus for our employees. With time, use of MFA will become the norm on most applications for most users, however it is not a fool-proof security solution. Attackers have devised ways around this protection and you should know how they are doing that.
First of all, MFA is a way of combining multiple things as a safeguard when logging in. This can be something you know (password) something you have (a phone) or even something like a fingerprint (biometrics). When you combine all these things together, its much harder for an attacker to access your account remotely.
With the rise in use of MFA, attackers have moved to more advanced social engineering and phishing attacks which this blog has discussed in the past. There is also a new method known as “prompt bombing”. Here are some basics:
- Sending a bunch of MFA requests and hoping the target finally accepts one to make the noise stop.
- Sending one or two prompts per day. This method often attracts less attention, but “there is still a good chance the target will accept the MFA request.”
- Calling the target, pretending to be part of the company, and telling the target they need to send an MFA request as part of a company process.
Please never approve a MFA attempt that you didn’t initiate. You can report any malicious log-in attempts through the DUO application and we recommend you use the mobile app over options such as a phone call unless extenuating circumstances exist for this reason.
Also know that no-one at Bethel will ever ask you for a passcode from our MFA application, nor will we ever ask you for your Bethel community account password.
Bethel is planning to continue to expand MFA use on various applications and for different members of our community in an effort to keep everyone’s information safe. However, nothing is an absolute perfect solution and we all need to constantly learn and adapt as technology changes.