Multi-factor authentication is a process where a user is prompted during the sign-in process for an additional form of identification, such as to enter a code on their cellphone or to provide a fingerprint scan. If you only use a password to authenticate a user, it leaves an insecure vector for attack. If the password is weak or has been exposed elsewhere, is it really the user signing in with the username and password, or is it an attacker? When you require a second form of authentication, security is increased as this additional factor isn't something that's easy for an attacker to obtain or duplicate.
| Capability ID | Capability Description | Category | Value | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|---|
| azure_ad_multi-factor_authentication | Azure AD Multi-Factor Authentication | protect | significant | T1110 | Brute Force |
Comments
MFA provides significant protection against password compromises, requiring the adversary to complete an additional authentication method before their access is permitted.
References
|
| azure_ad_multi-factor_authentication | Azure AD Multi-Factor Authentication | protect | significant | T1110.001 | Password Guessing |
Comments
MFA can significantly reduce the impact of a password compromise, requiring the adversary to complete an additional authentication method before their access is permitted.
References
|
| azure_ad_multi-factor_authentication | Azure AD Multi-Factor Authentication | protect | significant | T1110.003 | Password Spraying |
Comments
MFA can significantly reduce the impact of a password compromise, requiring the adversary to complete an additional authentication method before their access is permitted.
References
|
| azure_ad_multi-factor_authentication | Azure AD Multi-Factor Authentication | protect | significant | T1110.004 | Credential Stuffing |
Comments
MFA can significantly reduce the impact of a password compromise, requiring the adversary to complete an additional authentication method before their access is permitted.
References
|
| azure_ad_multi-factor_authentication | Azure AD Multi-Factor Authentication | protect | minimal | T1078 | Valid Accounts |
Comments
This control only protects cloud accounts and therefore its overall protection coverage is Minimal.
References
|
| azure_ad_multi-factor_authentication | Azure AD Multi-Factor Authentication | protect | partial | T1078.004 | Cloud Accounts |
Comments
MFA can provide protection against an adversary that obtains valid credentials by requiring the adversary to complete an additional authentication process before access is permitted. This is an incomplete protection measure though as the adversary may also have obtained credentials enabling bypassing the additional authentication method.
References
|