Why Legacy MFA is DOA


            By Kevin Surace, Chair, Token



            Multi-Factor  Authentication  (MFA) has long been heralded as a cornerstone of secure digital practices.
            However, the traditional forms of MFA, now often referred to as "legacy MFA," are increasingly seen as
            outdated and inadequate in the face of evolving cyber threats. This article explores  why legacy MFA is
            considered Dead on Arrival (DOA) in today's cybersecurity landscape.



            The Evolution of Cyber Threats

            The  cyber  threat  landscape  has  dramatically  evolved  over  the  past  few  years.  Cybercriminals  have
            become more sophisticated, employing advanced tactics such as phishing, social engineering, and man-
            in-the-middle  attacks  to  circumvent  traditional  security  measures.  Legacy  MFA,  which  often  relies  on
            something  you  know  (like  a  password)  and  something  you  have  (like  a  text  message  code  or
            authentication app), is no longer sufficient to thwart these advanced attacks. 90% of ransomware attacks
            occur using user credentials, and the vast majority of those now include a legacy MFA hack as well.





            Cyber Defense eMagazine – July 2024 Edition                                                                                                                                                                                                          136
            Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.