Technology Record - Issue 36: Spring 2025

INTERVIEW

Building cyber resilience with phishing-resistant MFA

Identity is a fundamental part of a zero-trust strategy. Yubico’s Derek Hanson explains how businesses can meet Microsoft’s MFA regulations with passwordless authentication solutions

BY ALICE CHAMBERS

Research by Microsoft shows that multifactor authentication (MFA) can block over 99.2 per cent of account compromise attacks. This statistic alone was enough for Microsoft to encourage secure-by-default practices with its customers by implementing an MFA mandate for all Microsoft Azure sign-in attempts. However, organisations are struggling to meet these requirements.

“There are a whole host of challenges that hinder security,” says Derek Hanson, vice president of standards and alliances at Yubico, a provider of hardware authentication security keys that integrates its tools with Microsoft Entra ID and Microsoft 365 to help customers with their zero-trust strategies. “Many businesses expose themselves to risks by relying on traditional usernames and passwords and legacy MFA tools, which are vulnerable to phishing and credential theft. Others struggle with the complexities of managing password policies, leading to frequent password resets and user frustration.”

Microsoft now requires MFA for all users signing into the Azure portal, and the Microsoft Entra and Intune admin centres. The mandate was enforced in October 2024, followed by the same for the Microsoft 365 admin centre in February 2025. A second phase of MFA mandates will roll out later in 2025, extending MFA enforcement to Azure mobile applications, Command-Line Interface and PowerShell.

“This decision is driven by the goal to significantly reduce account takeover threats and enhance security,” explains Hanson.
“By mandating that Azure users employ some form of MFA, Microsoft aims to protect user accounts from unauthorised access and reduce the risk of security breaches.”

Yubico is helping businesses achieve their authentication goals through its hardware security keys, called YubiKeys. They stop account takeovers, reduce security breaches, improve user productivity and provide a smoother transition to passwordless authentication.

“By adopting YubiKeys, organisations across various industries have significantly enhanced their security posture through the gold standard for phishing-resistant authentication and streamlined user experiences,” says Hanson. “The seamless integration of YubiKeys has enabled thousands of satisfied customers to implement strong, hardware-based MFA across their IT infrastructure and create phishing-resistant users to become truly phishing-resistant enterprises.

“It’s also become clear that organisations must go beyond only addressing moments of authentication – they need to focus on building phishing-resistant users. Fostering phishing-resistant users is not just a reactive measure,

“By eliminating passwords, organisations reduce their attack surface”
