Another good reason to enforce MFA • Blisstech Solutions

What would happen if someone got hold of one of your employees’ passwords from years ago?

Not a password they’re using today.

Not one they even remember.

Just an old one that never got changed.

Because that’s exactly how a recent, large-scale data-theft campaign worked.

A recent investigation by a cyber security firm uncovered a new hacking campaign. Sensitive business data from dozens of organisations around the world was quietly collected and later put up for sale on the dark web.

Different industries. Different countries. Different sizes of business.

But one thing kept coming up again and again.

Every affected organisation had allowed staff to log into important cloud systems using nothing more than a username and password. No second step. No extra check. Just type your password and you’re in.

This is where MFA comes in.

Multi-factor authentication simply means using more than one piece of evidence to prove it’s really you. Usually that’s your password plus something else, like a code on your phone, a notification you approve, or a fingerprint. 

So even if someone steals your password, they still can’t get in.

In these cases, MFA wasn’t enforced.

So how did the attackers get hold of the passwords in the first place?

They relied on something called infostealing malware. That’s a type of malicious software that can end up on a computer without the person using it realising. 

Once it’s there, it quietly collects saved passwords, login details, and other sensitive information, and sends it back to criminals.

This doesn’t only happen on office computers. It can happen on home devices, personal laptops, or any machine that’s ever been used to log into work systems.

When those details are stolen, they don’t always get used straight away. And this is the part that really matters.

Some of the passwords used in this campaign were years old.

That tells us two important things:

  • Passwords weren’t being changed often enough
  • Old logins were still being trusted long after they should have been invalidated

In other words, a device infected a long time ago could suddenly become a serious problem today.

This has been described as a “latency” issue. The threat sits quietly in the background, waiting. An old mistake doesn’t disappear just because time has passed.

The attackers would have been stopped if MFA had been switched on.

They had the passwords. But they didn’t have the second factor. No phone. No app. No approval tap. That one extra step would have turned a successful break-in into a dead end.

This is why security professionals (like me) keep saying the same thing, repeatedly: Passwords on their own are no longer enough.

I know one of the most common reactions to MFA is, “But it’s annoying”. And yes, it does add an extra moment to the login process. 

But compare that to what happens when a password nobody remembers is still valid years later. When confidential files can be copied, sold, or quietly taken without anyone noticing until it’s too late.

MFA turns a stolen password into a useless piece of information. And that’s why enforcing MFA isn’t overkill anymore, it’s sensible.

If there’s one lesson here, it’s a simple one: Old passwords don’t expire on their own. One extra lock on the door makes all the difference.

Need help getting set up? Get in touch.

More Content

Businesses are taking too long to fix vulnerabilities

Businesses are taking too long to fix vulnerabilities

If you knew your systems were at risk of attack, you’d jump in and get things locked down fast – right? Actually… many businesses take too long to fix vulnerabilities. Here’s why that’s a problem.

Outdated backup systems could leave your business vulnerable

Outdated backup systems could leave your business vulnerable

When did you last review your business’s backup tools? Outdated backup systems can fail to protect you from modern threats, like ransomware attacks. If you want a reliable backup system, here’s what you need to know…

Are you ready for next-gen email security? (YES!)

Are you ready for next-gen email security? (YES!)

Sick of spam emails? We have details of a cool new tool to help keep us better protected.

More businesses are proactively investing in cyber security defences

More businesses are investing in cyber security defences

Cyber security: More and more businesses are making the smart business decision to invest in it. Find out why you should join them.

A woman on a laptop with a shield and lock on the screen

Why you should use a password manager

Introduction It can be difficult to keep track of all of your online passwords, especially if you have multiple accounts for different purposes.  But did you know that there is a way to keep all of your passwords safe and secure? A password manager such as LastPass...
The Microsoft sign on a building

Microsoft urge users to patch against critical vulnerability

Microsoft is warning of a recently discovered critical Windows DNS Server vulnerability that is described as “wormable”. DNS (Domain Name Services) is used by computers all over the world to find each other. The Internet could not work without it. Microsoft DNS is...
Windows Hello gets a new look and improved security

Windows Hello gets improvments in security usability

Is your business using Windows Hello yet? It offers easier and more secure login methods – and it’s about to get an upgrade. Here’s what’s changing.

Is your email signature putting your business at risk?

When was the last time you gave any thought to your email signature? It’s just there to provide your contact details and maybe boost your branding, right? But have you ever considered exactly how much information you’re giving away? It’s enough to allow someone else...

Tech Tip: What is Autosave and Version History?

This is the latest Tuesday Two Minute Tech-tip that explains the AutoSave and Version History features of Office 365. When we migrate businesses to Microsoft 365 and they start working with OneDrive and SharePoint, I often hear the question, "How do I save my files...
Templates and Slide Masters in PowerPoint title

Tech Tip: How to use Templates and Slide Masters in PowerPoint

This Tech Tip will show you how to use templates and Slide Masters in PowerPoint to give your presentations a professional and consistent look. I've been using PowerPoint for over 25 years and have created a lot of presentations. Previously, I would work from a...
Share This
Contact
Love Lane
Cleobury Mortimer
Shropshire DY14 8PE

01299 382 321
[email protected]
Copyright © Blisstech Solution Ltd
Registered No: 08125391 VAT No : 307 5490 05