Erik van Straten on Nostr: npub17lgy0…k9uux : it's not the lack of MFA that is the problem. Problem 1) is that ...
npub17lgy0rj5a2nwpnyc4hup6ufpfz7wz6dzcgd3crm6fm2yd34dcz0qlk9uux (npub17lg…9uux) : it's not the lack of MFA that is the problem.
Problem 1) is that a SPOF (*) is permitted access to data of millions (either directly or indirectly). This risk includes compromise of client devices.
2) Weak MFA (+) does not prevent these attacks, because the SPOF may be phished into entering their credentials in a third party page that imitates the intended Citrix Netscaler.
Please do not promote a flawed fix for bad passwords (2019: https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/all-your-creds-are-belong-to-us/ba-p/855124).
(*) Single Point Of Failure
(+) SMS, Voice, TOTP, Number Matching, Location
#AllYourCredsAreBelongToUs #MFAHadFailed #AlexWeinert #MFA #2FA #WeakMFA #NumberMatching #AlexWeinert #Weinert #SMS #TOTP #EvilGinx2 #EvilProxy #PhaaS
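An added illustration of point 2 for the TOTP case (not part of the original post): an RFC 6238 verifier takes only the shared secret, the clock and the submitted digits, so it has no way to tell whether the code was typed on the real login page or forwarded by a page imitating it. The secret is the RFC 6238 test key; `server_verify` and `login_outcomes` are hypothetical names, and the one-step acceptance window is an assumption.

```python
import hashlib
import hmac
import struct

# Constructed sample value: the RFC 6238 Appendix B test secret, not a real account.
SECRET = b"12345678901234567890"
STEP = 30  # seconds per TOTP time step


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1: inputs are the shared secret and the clock only."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def server_verify(secret: bytes, submitted: str, now: int, window: int = 1) -> bool:
    """Hypothetical verifier: accept the code for the current step +/- `window` steps.

    Note what is absent: no parameter describes the site on which the
    user entered the code, so the check cannot depend on it.
    """
    return any(
        hmac.compare_digest(totp(secret, now + drift * STEP), submitted)
        for drift in range(-window, window + 1)
    )


def login_outcomes(typed_at: int, relay_delay: int):
    """Verify one code twice: sent directly, and forwarded `relay_delay` seconds later."""
    code = totp(SECRET, typed_at)
    direct = server_verify(SECRET, code, typed_at)
    relayed = server_verify(SECRET, code, typed_at + relay_delay)
    return direct, relayed


if __name__ == "__main__":
    direct, relayed = login_outcomes(typed_at=59, relay_delay=5)
    print("code sent directly accepted: ", direct)
    print("code forwarded 5s later accepted:", relayed)
```

Both submissions are accepted because the verifier sees identical inputs; only a factor whose response is bound to the site the user is actually talking to lets the server distinguish the two.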