
Current Threats to MFA
Phishing
Hackers usually deceive users through emails or fake websites to extract login credentials and authentication codes.
Push bombing
(push fatigue)
Users receive an overwhelming number of push notifications until they unwittingly grant network access to threat actors.
Exploitation of SS7 protocol vulnerabilities
Hackers exploit weaknesses in the SS7 protocol to intercept MFA codes sent via SMS or voice.
SIM swap
Cellular carriers may be manipulated to transfer a user’s phone number to a SIM card they control, granting them access to the user’s phone and accounts.
Requirements to Implement Phishing-Resistant MFA
According to the US government’s cybersecurity and infrastructure agency, a phishing-resistant solution must have:
- FIDO/WebAuthn standards
- PKI-based MFA

For companies that need cybersecurity insurance,
phishing-resistant MFA should also be used for:
- VPN (for remote access to the corporate network)
- Admin access to everything including laptops and Remote Desk Protocol (RDP)
WinMagic’s Phishing-Resistant MFA
MagicEndpoint passwordless MFA is phishing resistant and can be applied to logging in to pre-boot, Windows, Virtual Desktop Infrastructure (VDI), RDP, email, VPN access and many other remote services. The solution meets today’s cyber insurance requirements for MFA and future-proofs your organization against evolving requirements for phishing-resistant MFA.