Speakers: Sarah Handler, Senior Program Manager, Microsoft; Sergio Romero, Senior Data Scientist, Microsoft
Date: Thursday, June 23, 2022
Location: Denver, CO

Description: When is strong authentication not strong enough? As MFA adoption and attacker savviness rises, we are increasingly seeing Identity compromise on sign-ins that have MFA claims. Worse yet, when systems blindly trust authentication requests with MFA, it enables bad actors who have phished or stolen strong auth tokens to gain malicious access and often fly under the radar due to their “more secure” status.

Join this session to hear from Microsoft’s Identity Protection team’s real stories of customers falling victim to sneaky attacks leveraging MFA claims through phishing, token replay, and abusing MFA fatigue. We will cover the attack graph and dangers of always trusting MFA, ways all organizations can reduce their risk, and what our industry needs to consider to strengthen the future of strong auth.