Hacking Multifactor Authentication

Protect your organization from scandalously easy-to-hack MFA security “solutions”

Multi-Factor Authentication (MFA) is spreading like wildfire across digital environments. However, hundreds of millions of dollars have been stolen from MFA-protected online accounts. How? Most people who use multifactor authentication (MFA) have been told that it is far less hackable than other types of authentication, or even that it is unhackable. You might be shocked to learn that all MFA solutions are actually easy to hack. That’s right: there is no perfectly safe MFA solution. In fact, most can be hacked at least five different ways. Hacking Multifactor Authentication will show you how MFA works behind the scenes and how poorly linked multi-step authentication steps allow MFA to be hacked and compromised.

This book covers over two dozen ways that various MFA solutions can be hacked, including the methods (and defenses) common to all MFA solutions. You’ll learn about the various types of MFA solutions, their strengths and weaknesses, and how to pick the best, most defensible MFA solution for your (or your customers') needs. Finally, this book reveals a simple method for quickly evaluating your existing MFA solutions. If using or developing a secure MFA solution is important to you, you need this book.

Author Roger Grimes is an internationally known security expert whose work on hacking MFA has generated significant buzz in the security world. Read this book to learn what decisions and preparations your organization needs to take to prevent losses from MFA hacking.

576 pages, Paperback

Published October 27, 2020

20 people are currently reading
66 people want to read

About the author

Roger A. Grimes

16 books, 14 followers

Ratings & Reviews

Community Reviews

5 stars: 9 (47%)
4 stars: 7 (36%)
3 stars: 3 (15%)
2 stars: 0 (0%)
1 star: 0 (0%)
Displaying 1 - 3 of 3 reviews
Ben Rothke
351 reviews, 50 followers
March 9, 2021
In elementary school, there was always that one annoying kid who went out of his way to let you know that the Tooth Fairy was not real. For many children, finding out that the Tooth Fairy is a fairytale was quite disconcerting. But their ennui was often temporary once they received money for the tooth.

In Hacking Multifactor Authentication, author Roger Grimes plays the role of that kid. While he’s not annoying, that same level of ennui may plague many in the technology space when they find out that multifactor authentication (MFA) is not the bullet-proof security panacea that they were led to believe.

Not that MFA is not an excellent and necessary information security technology and solution. Rather, many people think that once they use MFA, most of their authentication problems are solved. But MFA, like every information security solution, can be hacked. Often MFA can be hacked due to user misconfigurations or other issues.

In this important book, Grimes details over 20 ways that MFA solutions can be hacked. Some of them are harder than others, but he also details ways to protect yourself and defend against these attacks. Some of the attacks are much harder than others. But the underlying message is that while MFA brings a lot to the security table, that table still can be hacked.

The first 4 chapters provide an excellent overview of passwords, authentication, security, and more. And the next 21 chapters give an encyclopedic survey of the many ways that MFA can be compromised and attacked. From endpoint attacks to subject attacks, fake authentication attacks, and more, Grimes details MFA attacks you may be aware of and many that you did not know even existed.

After spending a few hundred pages about MFA vulnerabilities, the book details how you can deploy secure MFA solutions. MFA is not monolithic and with over 100 vendors in the space, selecting the right solution is imperative.

For those looking to deploy MFA, it’s worth buying the book just for the information in chapter 23 on selecting the right MFA solution. There, Grimes details over 100 selection criteria to consider in your MFA deployment. Forget about what Gartner says about MFA; chapter 23 is what you should be reading first.

I have Hacking Multifactor Authentication on my list of The Best Information Security Books of 2020. For those looking to deploy MFA, it can be a significant cost and will require large amounts of time from your information security team. To ensure they are deploying MFA correctly and securely, make sure they read this book first.

Ben
2,734 reviews, 228 followers
March 5, 2024
An Error Occurred When Loading This Review
Please press the like button below to see the full review

This book is an outstanding tool towards cybersecurity.

Not only does it provide extremely detailed ways of circumventing popular and common multifactor authentication methods, but it also provides a ton of actionable steps to prevent these attacks on your systems.

Some of the chapters in this book are downright scary - but also very helpful - whether you are a white hat or gray hat hacker...

One of my favorite parts of this book is the social engineering aspects. That was my inspiration for the title of this review, as social engineering has a big factor in the success of retrieving the payload. I always love reading about social engineering (social hacking).

I found it one of the best cybersecurity books in recent memory, and Grimes is an excellent author.
The chapters were very helpful, and detailed.

I feel this book is a must for anyone in cybersecurity.

4.8/5
4 reviews
April 29, 2025
Great coverage of methods used to breach authentication. It covers everything there is to know about MFA and the possibilities of attacks.