If you’ve worked in fraud prevention or cybersecurity, you’ve probably heard it a thousand times: “Just turn on multi-factor authentication (MFA). It’ll stop the hackers.”
And sure, MFA helps — a lot. But here’s the reality no one likes to admit: the most common doorway attackers use to bypass MFA is a compromised email account. The inbox — that familiar, everyday tool we all rely on — is often the weakest link in account security. It’s the digital key to password resets, login approvals, and account verifications. When that key is stolen or spoofed, even the strongest MFA setup can crumble.
Learn more →Login processes can make or break a user experience. Excessive reliance on multi-factor authentication (MFA) often deters users from returning to a site more often.
You may have experienced the frustration: you complete MFA to sign in, navigate to view your billing statement, and get presented with MFA again — even though you’re still on the same platform. According to a 2021 PingIdentity survey:
- 56% of global consumers — and 61% of U.S. consumers — would stop using an online service if the login process became too frustrating
- 65% of U.S. consumers would switch to a competitor offering easier authentication
Businesses aren’t immune. When multiplied across daily logins for hundreds or thousands of employees, “minor” MFA friction results in significant productivity losses and increased help desk costs — with minimal impact on reducing security risk.
Learn more →Many organizations rely on myNetWatchman to protect against credential stuffing and account takeover attacks — but account security is especially critical for financial institutions (FIs). This article explores a real credential stuffing attack against a large FI, observed in real-time between June and August 2024.
It’s a High-Volume Numbers Game
Credential stuffing systematically tests exposed credential pairs to see where the same combination works elsewhere. The attack in this case study saw over 8 million unique usernames attempted in a 6-week period — not to succeed on all of them, but to identify the ones that do.
Learn more →