Skip to main content


MFA Bypass Attacks: Why MFA is Not a CYA

14 February 2024

The volume and sophistication of phishing attacks is at an all-time high. One of the most highly recommended security controls for preventing unauthorized access is multi-factor authentication (MFA), which can add an important layer of security beyond a traditional password. It comes in many different forms, including:

  • Push notifications
  • SMS
  • Authenticator apps/Soft tokens
  • Voice
  • Email
  • Hardware token

Is MFA a fail-safe? Several recent high-profile MFA bypass attacks would suggest it still has weaknesses that can be circumvented. Despite having MFA enabled, these incidents involved threat actors successfully bypassing traditional MFA methods mentioned more!