Microsoft: Using multi-factor authentication blocks 99.9% of account hacks

Microsoft says that users who enable multi-factor authentication (MFA) for their accounts will end up blocking 99.9% of automated attacks.

The recommendation stands not only for Microsoft accounts but also for any other profile, on any other website or online service.

If the service provider supports multi-factor authentication, Microsoft recommends using it, regardless if it’s something as simple as SMS-based one-time passwords, or advanced biometrics solutions.

“Based on our studies, your account is more than 99.9% less likely to be compromised if you use MFA,” said Alex Weinert, Group Program Manager for Identity Security and Protection at Microsoft.

Passwords don’t matter anymore

Weinert said that old advice like “never use a password that has ever been seen in a breach” or “use really long passwords” doesn’t really help.

He should know. Weinert was one of the Microsoft engineers who worked to ban passwords that became part of public breach lists from Microsoft’s Account and Azure AD systems back in 2016. As a result of his work, Microsoft users who were using or tried to use a password that was leaked in a previous data breach were told to change their credentials.

But Weinert said that despite blocking leaked credentials or simplistic passwords, hackers continued to compromise Microsoft accounts in the following years.

Take Back Your Day

Learn how the latest technologies can free up your time so you can focus on your business

Share This