According to Microsoft, it witnesses around 300 million fake account sign-in attempts every day. Users can protect their account if they have enabled Multi-Factor Authentication for their accounts.
Alex Weinert, who holds the position of Group Program Manager for Identity Security and Protection at Microsoft, says MFA quashes the chances of an account being compromised by 99.9%.
In a blogpost titled ‘Your Pa$$word doesn’t matter,’ Weinert says that instead of focusing on popularly prevalent password rules such as — “never use a password that has ever been seen in a breach,” “use really long passwords”, or “passphrases-will-save-us,” — users should focus on MFA.
He says that the composition and length of password don’t matter as hackers have come up with innovative methods to grab hold of your credentials.
To support his argument, he presented stats on how passwords are compromised, citing the attack type, frequency, and mechanism of different approaches adopted by hackers for identity theft.
Weinert says that using multi-factor authentication blocks 99.9% chances of illicit sign-in attempts even if a hacker has your password. The remaining 0.1% accounts for more sophisticated attacks where bad actors target MFA tokens. However, such attacks are rare.
Microsoft isn’t the only company promoting multi-factor authentication for safeguarding users’ accounts. Google also reiterated the same in May, saying that adding a recovery phone number to your Google account blocks 100% of automated sign-in attempts.
Bottom line: Start using multi-factor authentication wherever possible to make sure that your account is not compromised even if a hacker manages to get hold of your password.