Microsoft: 99.9% of compromised accounts did not use multi-factor

Page 1 of 5 123 ... LastLast
    Microsoft: 99.9% of compromised accounts did not use multi-factor

    Microsoft: 99.9% of compromised accounts did not use multi-factor


    Posted: 06 Mar 2020
    Speaking at the RSA security conference last week, Microsoft engineers said that 99.9% of the compromised accounts they track every month don't use multi-factor authentication, a solution that stops most automated account attacks.

    The cloud giant said it tracks more than 30 billion login events per day and more than one billion monthly active users.

    Microsoft said that, on average, around 0.5% of all accounts get compromised each month, a number that in January 2020 was about 1.2 million.
    Microsoft: 99.9% of compromised accounts did not use multi-factor authentication | ZDNet
    Golden's Avatar Posted By: Golden
    06 Mar 2020

  1. ThrashZone's Avatar
    Posts : 7,108
    3-Win-7Prox64 2-Win10Prox64
       #1

    Hi,
    Hacks don't happen on peoples computers
    Hacks hit ms servers so why not fix ms servers instead of making people jump through several hoops guessing which form of password you want time to time
    Pin number nope
    Phone number nope
    Password nope
    So bottom line fix your severs security not busting peoples balls on too many security protocols
    People can't remember a password okay let them remember 2 other items too
      My Computers

  2. Try3's Avatar
    Posts : 7,530
    Windows 10 Home x64 Version 20H2 Build 19042.928
       #2

    Interesting article[s] but I agree with ThrashZone. Server protection could be significantly enhanced merely by the application of measures that MS introduced in Office 2010 file-open passwords [but wisely did not quantify] - deliberately slowing down the response speed of MS servers to each login attempt to a level that precludes brute force / dictionary attacks because they would be too slow for any practical purpose. And how many legitimate users would even notice, let alone be heartbroken by, an MS login that took 0.5secs rather than 0.5msecs [or whatever the real numbers might be]?

    I think the MS marketing department wrote the conclusions to the investigation anyway - they want to sell businesses more security keys as well as the server software & the technical support contracts that go with them. The conclusion could so easily have been different and more closely related to the individual findings that were reported
    - use strong passwords,
    - do not use the same password for more than one purpose,
    - roast the knackers of anybody going through your desk or illicitly looking over your shoulder.

    Denis
      My Computer

  3. Golden's Avatar
    Posts : 1,635
    Windows 10 Pro x64
    Thread Starter
       #3

    ThrashZone said:
    Hi,
    Hacks don't happen on peoples computers
    Hacks hit ms servers so why not fix ms servers instead of making people jump through several hoops guessing which form of password you want time to time
    Actually, it's an individual's account/s on the servers that get breached. My view is that it's up to the individual to take more responsibility for account security, as far as they are able to. Use of strong unique passwords and 2FA/MFA is hardly a novel idea, nor onerous. There are plenty of free tools that can help this be achieved too.
      My Computers

  4. Kari's Avatar
    Posts : 17,434
    Windows 10 Pro
       #4

    ThrashZone said:
    Hi,
    Hacks don't happen on peoples computers
    Hacks hit ms servers so why not fix ms servers instead of making people jump through several hoops guessing which form of password you want time to time
    Pin number nope
    Phone number nope
    Password nope
    So bottom line fix your severs security not busting peoples balls on too many security protocols
    People can't remember a password okay let them remember 2 other items too
    I realize that I am taking a big risk here now, maybe even risking my presence on this virtual home of mine, but this must be said:

    What an incredibly stupid and idiotic comment you posted!


    Golden said:
    Actually, it's an individual's account/s on the servers that get breached. My view is that it's up to the individual to take more responsibility for account security, as far as they are able to.
    Exactly!

    Kari
      My Computer

  5. Jacee's Avatar
    Posts : 1,593
    Win 10 home 20H2 19042.928
       #5

    I can't even "hack" my own 2 network computers ..... must be doing something right
      My Computers

  6. ThrashZone's Avatar
    Posts : 7,108
    3-Win-7Prox64 2-Win10Prox64
       #6

    Kari said:
    I realize that I am taking a big risk here now, maybe even risking my presence on this virtual home of mine, but this must be said: What an incredibly stupid and idiotic comment you posted! Kari
    Hi,
    Making you react like you did to something is spot on why it was posted as is
      My Computers

  7. TairikuOkami's Avatar
    Posts : 4,697
    Windows Home Dev 21xxx x64
       #7

    ThrashZone said:
    So bottom line fix your severs security not busting peoples balls on too many security protocols
    Exactly. I recall times, when services actually emailed me about attempted failed logons. Not to mention, it was also like 5 tries and wait for 5 mins or so. This attack allowed hackers to use like a million passwords within an hour and it did not trigger any alert? I avoid 2FA as a plague, it is up to the provider to secure his server and not to store passwords in plain text and such. Paypal for example allows to use only 20 characters long password, that can be easily breached within days and I can use 200 characters long password on a forum? Unbelievable. But of course that they blame users, it is easier. ANd lets not even talk about pushed biometrics, once it is compromised, the user is done, because he can not change his eyes or fingerprints.
      My Computer

  8. Try3's Avatar
    Posts : 7,530
    Windows 10 Home x64 Version 20H2 Build 19042.928
       #8

    TairikuOkami said:
    ... only 20 characters long password, that can be easily breached within days ...
    Really? That's a step change from earlier speeds. When I last looked into this a 21 character fully-random password would only have a 1 in a million chance of being brute force / dictionary cracked within the 48 hour period that many cracking services were offering as their standard service.
    [actually, that's 1/1,000,000 in 25 years time as I extrapolated using an assumed doubling in processing power every year instead of the commonly-used assumption of 18 months & I assumed processing by a 4 million PC botnet / equivalent based on GPU processing capabilities].

    Denis
      My Computer

  9. z3r010's Avatar
    Posts : 9,922
    Windows 10 Workstation x64
       #9

    I just don't understand the resistance to 2FA, the majority of sites/applications only need to authenticate every 30 days or so and it is just so much more secure than a password alone, IMO not to use it when it's on offer is absolute stupidity.
      My Computers


 
Page 1 of 5 123 ... LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 22:14.
Find Us




Windows 10 Forums