![]() ![]() Additionally, we can layer MFA on top of modern auth to make client authentication even stronger. Modern authentication is not subject to the same types of attacks and exploits that are possible with Basic authentication.įor example, credentials in a modern auth compatible app are not stored on the client device, and whenever something about the connection or state changes, the client is required to re-authenticate. Switching completely to Modern auth and disabling basic (even without implementing MFA) is a major improvement in security. Whereas Modern auth prompts look more like this: Difference between Basic and Modern Authentication Far better to just disable basic auth as widely as possible. How long before they hit an award-winning user/pass combo? App passwords for instance are all lower case and a predictable length. ![]() eliminate “Password1” or “Spring2019” etc.) may help mitigate these risks… But, when Basic Auth is left in play it means that attackers can brute force accounts all day long. And that means you can still get in with nothing more than a username and password.įor all other accounts, you might think that using stronger passwords (e.g. Reason being: Basic authentication is enabled by default, and Basic auth does not support MFA to begin with. There has actually been an uptick in this type of activity lately.Įven with Modern Authentication and indeed Multi-factor Authentication enabled, you are still left open to these types of attacks. ![]() From that foothold, the most common next step attackers will take is to send out spam/phishing emails from the compromised account, and gain more footholds and greater access for data ex-filtration, ransom, or whatever. One of the most common (and often successful) attacks we see in the wild is a simple brute force / password spray against weak accounts. ![]()
0 Comments
Leave a Reply. |