Press Center

Multi-factor authentication is a necessity, and now it’s easy to deploy.

In ice hockey, where players collide with each other at 20 mph (30 km/h) and take shots at speeds of up to about 100 mph (161km/h), it is hard to imagine that players competed without wearing helmets until the late 1970s. Since then, this single piece of safety gear has significantly reduced injuries and prolonged careers of professional players. 

This example shows that sometimes the solution to a painful problem can be quite simple. The same is true for authentication, which is among the favorite cyberattack vectors for adversaries. Relevant data confirms again and again that having a single password, no matter how strong, is not enough anymore. An additional layer of protection – multi-factor authentication (MFA) – significantly decreases the likelihood of successful attacks on user credentials.

Well-developed processes to secure employees’ authentication, in combination with password hygiene, are essential parts of any prevention-first approach that aims to stop attacks before they can do any harm to a business. In pursuit of this strategy, ESET incorporated its cloud-based MFA solution ESET Secure Authentication into ESET PROTECT Hub, a new unified point of entry to the ESET PROTECT Platform serving businesses that include MSPs with user, license, and hierarchy management tools.  

Just like ice hockey players tend to aim for the top corners of the net because of a high success rate, cybercriminals know that credentials are among the most vulnerable layers of businesses’ defense because of the human element involved. 

For example, despite increasing global cybersecurity awareness among adults online, the password  “123456” remains the most-used credential.

And it’s not only a problem for the general public. Poor password hygiene is also observed among IT admins. Digging through more than 1.8 million pages identified as admin portals in 2023 revealed that 40,000 of them used "admin" as their password.

Knowing this, it is no surprise that the latest Verizon 2024 Data Breach Investigations Report found that 77% of basic web application attacks involved stolen credentials, 21% of them were the result of brute force (usually easily guessable passwords), and 13% of those attacks exploited vulnerabilities.

While businesses struggle with password laziness observed among their employees, adversaries improve their techniques to fool even those who are more tech savvy and vigilant. We can already see nefarious technical developments like AI-driven phishing or powerful high-end machines able to guess random six-characters-long passwords in a single day, despite the improved hashing methods used. Not to mention that users of older hashing methods can get breached instantly.  

Luckily, most attackers targeting credentials behave like desperate players shooting pucks from their side across the whole rink toward their opponent’s net and hoping for the best. ”Spraying and praying” tactics are still prevalent among various cyberattacks; this is clearly demonstrated by Microsoft data published in 2023. Simple, cheap, and easily mass-produced password attacks still dominate the game. As a result, Microsoft deflects more than 1,000 password attacks per second(!) in its systems. Interestingly, they have noticed that more than 99.9% of accounts compromised didn’t have multi-factor authentication enabled.

Google found similar results in its older 2019 survey showing that adding just an another simple step of verification can block up to 100% of automated bots, 99% of bulk phishing attacks, and 66% of targeted attacks.

Last but not least: multiple or additional factors of authentication are now a standard compliance requirement, just like the helmet has become compulsory in ice hockey.

Automated attacks targeting credentials:

Phishing – Fraudulent messages, emails, or calls luring targeted users into giving their account details and passwords. Using the latest technology, including AI, it is increasingly easy to mass-produce these attacks and at the same time make them more believable. 

Password spraying – Trying the most-used passwords, such as the word “password” or “1234,” against a huge number of accounts.

Dictionary attack – Trying a list of passwords derived from a dictionary of words against a valid account.

Brute force – An automated attack against a single account using all possible combinations for a password.

Breach replay or credential stuffing – pervasive reuse of exposed credentials from previous data breaches against many accounts.

Available in higher tiers of the ESET PROTECT solution for businesses, ESET Secure Authentication provides an additional layer of security against common credential attacks.

It protects both regular employees and IT admins logging into business ecosystems, mitigates the risk of stolen and compromised credentials, keeps attackers from accessing corporate data, and helps businesses with cybersecurity compliance. 

And the best part: reducing complexity, smooth installation and operation. The deployment takes around 10 minutes in the cloud; ESET Secure Authentication doesn’t need dedicated hardware – it's cloud-based, easily scalable, and, what is more, ESET oversees maintenance and upgrades.

Exploiting valid accounts is still the path of least resistance for cybercriminals, according to IBM X-Force Threat Intelligence Index 2024, and despite effective protection being available, many companies still don’t use it. 

Witnessing rapid-fire strikes from cybercriminals against business accounts every second, it’s time to “put a helmet on”. With ESET PROTECT, businesses can not only enjoy multilayered and AI-powered protection against all kinds of sophisticated attacks, but also take a proactive, prevention-first approach and easily deploy MFA to defend their precious accounts against massive automated attacks.    

About ESET
ESET develops software solutions that deliver instant, comprehensive protection against evolving computer security threats. ESET pioneered and continues to lead the industry in proactive threat detection. ESET NOD32 Antivirus, its flagship product, consistently achieves the highest accolades in all types of comparative testing and is the foundational product that builds out the ESET product line to include ESET Smart Security. ESET Smart Security is an integrated antivirus, antispyware, antispam and personal firewall solution that combines accuracy, speed and an extremely small system footprint to create the most effective security solution in the industry. Both products have an extremely efficient code base that eliminates the unnecessary large size found in some solutions. This means faster scanning that doesn’t slow down computers or networks. Sold in more than 160 countries, ESET has worldwide production headquarters in Bratislava, SK and worldwide distribution headquarters in San Diego, U.S. ESET also has offices in Bristol, U.K.; Buenos Aires, AR; Prague, CZ; and is globally represented by an extensive partner network. For more information, visit our local office at https://eset.version-2.sg.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The Company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which includes Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities. For more information, please visit https://www.version-2.com.sg/ or call (65) 6296-4268.