BLOG

What Is MFA Fatigue And How To Turn Authentication Into A Real Cybersecurity Tool?

MFA fatigue has been the entrance door for major cybersecurity attacks recently, and the weakness of every password-based MFA method. How to fight MFA fatigue so that human error gets out of the cybersecurity picture, and companies turn their authentication solutions into a real cybersecurity tool? 

MFA fatigue: Attacks on the rise

MFA fatigue attacks are gaining popularity among hackers proving to be a new and simple way for them to compromise companies`s credentials and gain access to their networks. But what is it really? 

MFA fatigue happens when a hacker sends an overload of constant multi-factor authentication messages to a user`s MFA app, until the user finally accepts it. Companies implement MFA as the latest cybersecurity tool to keep their data safe, so employees have to have a second device to receive a code in order to get access to their work computers. This constant requirement of 2nd factor authentication methods like codes or tokens has become a major problem for employees ending on accepting all the codes they receive, which might not all be from the right senders.The most recent example is the International ride-hailing company, Uber, which was breached by a teenage hacker who managed to easily go around Uber`s MFA mechanism through one single employee. The hacker tricked an Uber employee into granting him access by “bombarding” the employee with repetitive and persistent multi-factor authentication (MFA) push notifications until the employee, tired of receiving a constant cascade of access requests, gave up and accepted. 

Uber attack: MFA fatigue`s latest victim

It took only one employee for a hacker to have access to an Uber data.. Uber`s cyber attack is the most recent one on a longer MFA fatigue raid that also includes Microsoft and Cisco as victims. This perfect example of MFA fatigue and an MFA fatigue attack puts the so-called “human error” back on the table: when it comes to securing access to devices, is the employee still to blame? Or is it that traditional MFA to cyber-protect users and devices is not really effective? 

According to independent research conducted by IBM, TrendMicro, and Stanford University, human error accounts for 80% to 90% of breaches. So, why are companies still trusting authentication tools that depend on human intervention and factors that a hacker can easily get hold of?

MFA Fatigue: A human error no password can solve

Human error is much more than the ground for MFA fatigue. It is a vulnerability vector that many companies are trying to deny with less success every day. Legacy MFA solutions try to compensate for this vulnerability gap with more intricate passwords and authentication factors that just make human error, credential compromise and cybersecurity breaches more possible. Any security method that leaves all the burden of security on the workforce`s shoulders makes cybersecurity vulnerable. 

In fact, a recent study shows that 76% of employees experience regular password problems and 60% of cyber attacks come from insider threats and compromised credentials.  Attacks such as the ones against Okta, Twilio, Cisco, and now Uber will just continue happening as long as vulnerabilities of  multi-factor authentication exist. 

There are different ways to improve an MFA strategy, but only one technology with the features to eliminate human error, password dependency, and provide a true phishing resistant solution at a scale that protects users continuously and without their intervention.

How to fight MFA fatigue with touchless continuous authentication

The new technology being able to address the current state of multi-factor authentication and fight MFA fatigue is touchless continuous authentication technology. 

Continuous authentication is developed by combining biometrics and computer vision algorithms that authenticate users according to their facial biomarkers. This way, authentication needs no password or code, just the distinct face of the user. Making authentication continuous and touchless requires a different look from how the industry generally approaches authentication. 

And that’s precisely what Hummingbirds AI decided to do when they created a touchless continuous authentication tool,  GuacamoleID. 

What is GuacamoleID: The Touchless Continuous Authentication tool

GuacamoleID is an intelligent application that uses computer vision to continually check for the authorized user, and turn it into a pass-key. So whenever users step away from the screen, it will be blocked and, as soon as the authorized user comes back, the screen will be available without the need of entering a password. GuacamoleID automatically logs in and logs out. With GuacamoleID the user`s face becomes the access key to the device, which makes it the perfect application to:

-Eliminate password and MFA fatigue

-Avoid shoulder surfing

-Enjoy a friendly user experience that simplifies security and compliance. 

Touchless continuous authentication is the most innovative way to fight MFA fatigue, and finally remove human error from cybersecurity authentication tools. Check out Hummingbirds AI`s touchless continuous authentication solution, GuacamoleID, and learn how you can change the way your organization experiences cybersecurity so that your employees can sleep well.