The Problem With Multi-Factor Authentication (MFA)

Here is a short snippet from the Technical Director at Data Connect, Ray Stone, recent LinkedIn Article:

This fact is something that many pentesters I know have told me numerous times over the years. Often finding the challenge of having to bypass MFA almost trivial whilst on the job. Don’t get me wrong, it’s a must and a minimum requirement for public facing systems in my opinion but nevertheless alone it is not the be all and end all of our access control problem.