{"id":99324,"date":"2023-10-11T11:30:00","date_gmt":"2023-10-11T15:30:00","guid":{"rendered":"https:\/\/jumpcloud.com\/?p=99324"},"modified":"2024-02-15T10:08:17","modified_gmt":"2024-02-15T15:08:17","slug":"commonly-overlooked-weakness-multi-factor-authentication","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/commonly-overlooked-weakness-multi-factor-authentication","title":{"rendered":"3 Commonly Overlooked MFA Weaknesses"},"content":{"rendered":"\n
October is Cybersecurity Awareness Month, and the U.S. Cybersecurity & Infrastructure Security Agency (CISA) is calling on all of us to \u201cSecure Our World,\u201d with a simple message that calls everyone to action \u201cto adopt ongoing cybersecurity habits and improved online safety behaviors.\u201d This month, the JumpCloud blog will focus on helping you empower everyone in your organization to do their part regarding cybersecurity. Tune in throughout the month for more cybersecurity content written specifically for IT professionals.<\/em><\/p>\n\n\n According to DarkReading<\/a>, high-privilege accounts at a well-known security vendor have been common targets in a pattern of recent attacks. In these attacks, DarkReading reports, the attackers use social engineering to convince support personnel to reset multi-factor authentication (MFA) credentials. (Though the report does not discuss it, an MFA reset is only useful to an attacker who already holds the first factor, the password.) Once the attacker holds both a user\u2019s password and a freshly enrolled second factor, they can log in as that user.<\/p>\n\n\n\n MFA itself is increasingly the entry point in malicious attacks, including those that exploit MFA fatigue<\/a> and those that use social engineering to talk their way in. This trend serves as a stark reminder that, while MFA is drastically more secure than single-factor authentication (i.e., the classic username-password combo), it isn\u2019t a 100% guarantee. When it comes to security, there\u2019s always more that can be done. 
That\u2019s especially true if there are gaps in MFA coverage.<\/p>\n\n\n\n Worryingly, this could be the first in a new wave of cyberattacks targeting high-privilege users<\/em><\/p>\n– <\/em>Callie Guenther,<\/em><\/a> senior manager of threat research at Critical Start.<\/em><\/cite><\/blockquote>\n\n\n\n These attacks prompt us to consider one of the biggest vulnerabilities in just about any MFA program (the human side of MFA<\/a>) as well as the limitations of implementing a 2FA<\/a> program. With that in mind, it\u2019s essential to consider the following when implementing and maintaining an MFA program:<\/p>\n\n\n\n Social engineering is becoming a popular MFA compromise method. More and more frequently, bad actors are finding ways to dupe users, or the people who support them, into handing over MFA credentials. In the example referenced above, bad actors called tech support pretending to be a user and requested an MFA reset. <\/p>\n\n\n\n In other instances, attackers trick users into approving their login attempt with tactics like push bombing<\/a>. In this common attack, the bad actor uses a script or a bot to trigger repeated login attempts with stolen or leaked credentials. Each attempt sends a push notification to the user\u2019s device; often, the user eventually approves one out of frustration or confusion, just to make the prompts stop. Two controls blunt this: number matching (the user must type a code shown on the login screen into the authenticator, so there is nothing to approve blindly) and alerting on bursts of push challenges for a single account. A burst is worth investigating even when the user holds out, because it means the password is already in an attacker\u2019s hands. <\/p>\n\n\n\n Most companies administer some kind of user training when rolling out an MFA program. However, training for those who support MFA functions is equally important, if not more so. MFA enrollment and resets are typically the weakest links in the authentication process and are the steps most often targeted by social engineering. In addition, those with privileged credentials should receive rigorous MFA training. This is especially important for executives: although they\u2019re among the most targeted and sought-after users, they\u2019re also among the most likely to bypass training or demand circumvention for things like MFA resets.<\/p>\n\n\n\n
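Bursts of push challenges like the one just described are visible in identity provider logs, and they are worth alerting on whether or not the user eventually approves. The detector below is an added example, not JumpCloud code: it assumes an IdP that writes one JSON line per push challenge with a user, timestamp, result (approved, denied or timeout) and source IP; the field names are assumed and the log lines are constructed for the example.<\/p>

```python
"""Flag MFA push bombing from per-challenge authentication logs.

Added example, not JumpCloud code. Assumes an IdP that writes one JSON line
per push challenge with a "result" of approved / denied / timeout; the
field names and the sample log below are constructed for this example.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Policy: this many push challenges for one user inside WINDOW is a burst.
BURST_THRESHOLD = 5
WINDOW = timedelta(minutes=10)

# Constructed sample log. "alice" is being push-bombed and finally approves;
# "bob" is ordinary daytime activity and must not alert.
SAMPLE_LOG = """\
{"ts": "2023-10-11T01:02:03Z", "user": "alice", "event": "mfa_push", "result": "denied", "src_ip": "203.0.113.7"}
{"ts": "2023-10-11T01:02:20Z", "user": "alice", "event": "mfa_push", "result": "timeout", "src_ip": "203.0.113.7"}
{"ts": "2023-10-11T01:02:41Z", "user": "alice", "event": "mfa_push", "result": "denied", "src_ip": "203.0.113.7"}
{"ts": "2023-10-11T01:03:05Z", "user": "alice", "event": "mfa_push", "result": "timeout", "src_ip": "203.0.113.7"}
{"ts": "2023-10-11T01:03:30Z", "user": "alice", "event": "mfa_push", "result": "denied", "src_ip": "203.0.113.7"}
{"ts": "2023-10-11T01:04:02Z", "user": "alice", "event": "mfa_push", "result": "approved", "src_ip": "203.0.113.7"}
{"ts": "2023-10-11T09:00:00Z", "user": "bob", "event": "mfa_push", "result": "approved", "src_ip": "198.51.100.4"}
{"ts": "2023-10-11T13:15:00Z", "user": "bob", "event": "mfa_push", "result": "approved", "src_ip": "198.51.100.4"}
"""


def parse_log(text: str) -> list:
    """Parse JSON lines into dicts with a real datetime, sorted oldest first."""
    events = []
    for line in text.strip().splitlines():
        rec = json.loads(line)
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(rec)
    return sorted(events, key=lambda r: r["ts"])


def detect_push_bombing(events, threshold=BURST_THRESHOLD, window=WINDOW) -> dict:
    """Return {user: alert} for every user with >= threshold push challenges
    inside a sliding time window. Severity is "high" when a run of rejected
    or timed-out pushes ends in an approval (the fatigue attack worked) and
    "medium" when the user has held out so far."""
    per_user = defaultdict(list)
    for ev in events:
        if ev.get("event") == "mfa_push":
            per_user[ev["user"]].append(ev)

    alerts = {}
    for user, pushes in per_user.items():
        start = 0
        for end, push in enumerate(pushes):
            # Slide the window so it spans at most `window` of wall-clock time.
            while push["ts"] - pushes[start]["ts"] > window:
                start += 1
            burst = pushes[start:end + 1]
            if len(burst) < threshold:
                continue
            rejected = sum(1 for p in burst if p["result"] != "approved")
            fatigued = push["result"] == "approved" and rejected >= threshold - 1
            severity = "high" if fatigued else "medium"
            if user in alerts and alerts[user]["severity"] == "high":
                continue  # keep the first high-severity finding for this user
            alerts[user] = {
                "user": user,
                "severity": severity,
                "pushes_in_window": len(burst),
                "rejected": rejected,
                "window_start": burst[0]["ts"].isoformat(),
                "window_end": push["ts"].isoformat(),
                "src_ips": sorted({p["src_ip"] for p in burst}),
            }
    return alerts


if __name__ == "__main__":
    for alert in detect_push_bombing(parse_log(SAMPLE_LOG)).values():
        print(alert)
```

On the constructed log, alice produces a single high-severity alert covering six pushes (five rejected, then one approved) from one source address, while bob produces nothing. A medium-severity alert is the moment to force a password reset and contact the user; a high-severity one is an active session to terminate.<\/p>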
Make sure executives and support staff understand that circumvention is most dangerous precisely for high-profile users, and ensure they follow the standard, verified process for things like MFA resets.<\/p>\n\n\n\n \u201cSetting and forgetting\u201d<\/em> 2FA can still leave the door to attacks slightly ajar. Fortunately, MFA doesn\u2019t have to stop at two factors: every additional independent factor raises the cost of an attack, because the adversary must compromise each one. Adding a third factor can help close the gaps in a classic 2FA method by making it that much harder<\/em> for an adversary to obtain every necessary factor within the (often) tight time limits available to them.<\/p>\n\n\n\n It\u2019s also important to consider which<\/em> factors you lean on in your program, as some methods of MFA are more secure than others. If a factor\u2019s core job is to assure that the user is who they say they are, then vetting how easily that assertion can be intercepted, forged, or coaxed out of the user is essential. <\/p>\n\n\n\n For example, a code delivered via SMS<\/a> is typically considered less secure than a code generated on a user\u2019s device. For one, codes sent through SMS or email often stay valid for extended periods of time, be it ten minutes, 30 minutes, or more. A TOTP code, by contrast, is tied to a single 30-second time step (plus whatever small clock-skew allowance the verifier grants), so an intercepted code is useful for a minute or two at most rather than half an hour. What\u2019s more, codes delivered through email or SMS can be read by an attacker who controls the mailbox or phone number (for example after a SIM swap), or simply phished from the user with the social engineering tactics discussed above. Note that a short lifetime does not protect against real-time phishing, where the attacker relays the code the moment the user types it; only phishing-resistant factors such as FIDO2\/WebAuthn security keys close that gap.<\/p>\n\n\n\n And of course, users should still follow password best practices<\/a> to ensure a strong first factor. It is possible to eliminate passwords as a factor in favor of a hardware security key or a biometric, but more often than not, a password will still be the first factor. Thus, good password hygiene is intimately connected with the success of MFA. <\/p>\n\n\n\n MFA is intended to act as an additional layer of context added to an authentication attempt. 
Instead of verifying an individual based solely on what they know (their username and password), this additional factor adds context to the login. In the most direct sense, that context is meant to answer the question: \u201cIs the person logging into this system actually who they claim to be?\u201d But as seen above, the answer isn\u2019t always so cut and dried.<\/p>\n\n\n\n Instead, this context can be expanded to paint a more comprehensive picture of the login attempt. For example, is the person who they say they are, and <\/em>are they logging in from the same location they normally do, and<\/em> are they logging in at a predictable time? Or is this a 9-to-5 employee in the U.S. trying to log in at 1am from a computer in Europe with a valid TOTP? <\/p>\n\n\n\n Context really matters here, and a single factor, even a valid one, carries none of it. This is why tools like conditional access policies are additional layers that wrap MFA in contextual information for a clearer picture, and a more accurate ruling on identity verification. For example, you could evaluate an authentication attempt against the user\u2019s privilege level, the resource\u2019s sensitivity, and how well the attempt aligns with the user\u2019s previous patterns, and then require a stronger factor or block the login outright when the risk is high.<\/p>\n\n\n\n Using dynamic groups and attribute-based rules can limit authorization into sensitive resources by creating a least-privilege backstop. Automating entitlement management limits what an intruder can reach in the event of a breach and protects systems where SSO isn\u2019t an option. It\u2019s not feasible for a person to attest to every privilege change, but attribute-based access control adds a layer of validation to access requests. It\u2019s another zero trust security<\/a> concept that complements MFA and conditional access, and it matters because no single control, MFA included, is ever 100% secure.<\/p>\n\n\n\n
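The 1am-from-Europe scenario and the least-privilege backstop described above, as an added example that is not JumpCloud\u2019s policy engine: a small risk scorer that turns login context (location, time of day, device, privilege, resource sensitivity) into allow, step-up or deny, followed by an attribute-based authorization rule applied after authentication. The attribute names, weights, thresholds, the baseline profile and the sample attempts are all assumptions constructed for the example.<\/p>

```python
"""Conditional access: score login context, then apply attribute-based
authorization as a least-privilege backstop.

Added example, not JumpCloud code. Every attribute name, weight, threshold,
baseline and sample attempt here is an assumption constructed for the example.
"""
from dataclasses import dataclass

ALLOW, STEP_UP, DENY = "allow", "step_up", "deny"
PHISHING_RESISTANT = {"fido2"}

# Risk weights. A valid second factor does not lower the score, because the
# scenario that matters is an attacker who already holds a valid TOTP.
WEIGHTS = {
    "unfamiliar country": 40,
    "outside usual hours": 20,
    "unknown device": 25,
    "privileged account": 10,
    "sensitive resource": 10,
}
DENY_AT, STEP_UP_AT = 60, 30


@dataclass
class Baseline:
    """What normal looks like for one user, learned or configured."""
    countries: set
    work_hours: tuple  # (start_hour, end_hour) in the user's local time
    known_devices: set


@dataclass
class Attempt:
    user: str
    privileged: bool
    resource_sensitivity: str  # "low" or "high"
    country: str
    local_hour: int
    device_id: str
    factor: str  # second factor presented: "totp", "push", "fido2", ...


def risk_signals(a: Attempt, b: Baseline) -> list:
    """Names of the WEIGHTS entries that fire for this attempt."""
    start, end = b.work_hours
    checks = {
        "unfamiliar country": a.country not in b.countries,
        "outside usual hours": not start <= a.local_hour < end,
        "unknown device": a.device_id not in b.known_devices,
        "privileged account": a.privileged,
        "sensitive resource": a.resource_sensitivity == "high",
    }
    return [name for name, fired in checks.items() if fired]


def decide(a: Attempt, b: Baseline) -> tuple:
    """Return (decision, score, reasons) for an authentication attempt."""
    reasons = risk_signals(a, b)
    score = sum(WEIGHTS[r] for r in reasons)
    if score >= DENY_AT:
        return DENY, score, reasons
    if score >= STEP_UP_AT and a.factor not in PHISHING_RESISTANT:
        return STEP_UP, score, reasons  # ask for a security key, not another OTP
    return ALLOW, score, reasons


# Attribute-based authorization, applied after a successful login: a resource
# is reachable only if the user's attributes satisfy every clause of its rule;
# resources with no rule are denied by default.
RESOURCE_RULES = {
    "payroll-db": {"department": {"finance"}, "status": {"active"}},
    "wiki": {"status": {"active"}},
}


def authorized(user_attrs: dict, resource: str) -> bool:
    rule = RESOURCE_RULES.get(resource)
    if rule is None:
        return False
    return all(user_attrs.get(attr) in allowed for attr, allowed in rule.items())


if __name__ == "__main__":
    baseline = Baseline(countries={"US"}, work_hours=(9, 17), known_devices={"laptop-1"})
    # The 9-to-5 U.S. employee "logging in" at 1am from Europe with a valid TOTP.
    print(decide(Attempt("alice", False, "low", "DE", 1, "laptop-1", "totp"), baseline))
    print(authorized({"department": "finance", "status": "active"}, "payroll-db"))
```

The late-night European login is denied on location and time alone, a valid TOTP notwithstanding; an administrator reaching a sensitive system after hours from a known device is asked for a phishing-resistant factor rather than another code; and even a fully authenticated user reaches the payroll database only while their department and status attributes say they should.<\/p>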
As MFA shows us, security is stronger with more layers. Layering your security strategy as a whole can help strengthen your security posture despite inherent weaknesses. Learn more about strengthening your security posture in the whitepaper, How to Secure Your SME with JumpCloud and CrowdStrike.<\/a><\/p>\n","protected":false},"excerpt":{"rendered":" Enabling multi-factor authentication (MFA) is a significant step in the direction of building a secure environment\u2026 but it\u2019s not as simple as that.<\/p>\n","protected":false},"author":144,"featured_media":99328,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"categories":[23],"tags":[],"collection":[2775],"platform":[],"funnel_stage":[3015],"coauthors":[2532],"acf":[],"yoast_head":"\n
3 Commonly Overlooked MFA Weaknesses<\/h2>\n\n\n\n
1. The Human Side of MFA <\/h3>\n\n\n\n
Social Engineering <\/h4>\n\n\n\n
Communications and Training<\/h4>\n\n\n\n
Anyone who has the ability to support MFA enrollment and resets should follow a documented procedure for verifying the requester\u2019s identity before issuing or resetting credentials, for example a callback to the phone number already on file or out-of-band confirmation from the user\u2019s manager, rather than relying on details an attacker could have looked up. They should also have enough training to spot common social engineering maneuvers, such as manufactured urgency, name-dropping an executive, or claims that the usual process is unavailable.<\/p>\n\n\n\n
2. Factor Quality and Number<\/h3>\n\n\n\n
Number of Factors <\/h4>\n\n\n\n
Quality of Factors<\/h4>\n\n\n\n
3. Deployment Strategy <\/h3>\n\n\n\n
Context<\/h4>\n\n\n\n
Strengthen Your MFA Security <\/h2>\n\n\n\n