Why MFA Is Getting Easier to Bypass and What to Do About It

MFA is increasingly bypassed by phishing attacks that use "adversary-in-the-middle" techniques. Criminals use phishing-as-a-service toolkits that allow anyone, even non-technical users, to create fake login pages that capture credentials and MFA codes. Traditional MFA that relies on one-time passwords or push notifications can still be compromised, since attackers can capture these codes. WebAuthn offers better security because it ties credentials to specific URLs and devices, making it resistant to such attacks. Organizations are encouraged to adopt WebAuthn to strengthen their defenses against phishing.

https://arstechnica.com/security/2025/05/phishing-attacks-that-defeat-mfa-are-easier-than-ever-so-what-are-we-to-do/
