99.9% of Hacked Accounts Lack Two-Factor Authentication

At the RSA 2020 conference last week, Microsoft experts discussed the ongoing issue of account breaches and highlighted key preventive measures that can protect the vast majority of accounts from being compromised.

According to the Microsoft team, their specialists monitor incidents every month in which cybercriminals attempt to compromise user accounts. The tech giant tracks over 30 billion authentication attempts daily.

On average, researchers say that attackers successfully hack about 0.5% of accounts each month. For example, in January 2020, 1.2 million accounts were compromised.

Key Statistic: Two-Factor Authentication Is Rarely Used

Here’s the most striking statistic from Microsoft: 99.9% of hacked accounts did not use two-factor authentication (2FA) as a security measure. For some reason, users are reluctant to enable 2FA, even for corporate accounts. For instance, only 11% of organizational accounts had two-factor authentication enabled.

Simple Attack Methods Still Work

Microsoft representatives noted that most attacks on accounts are extremely simple: attackers try to guess commonly used username-password combinations. For example, “password spraying” attacks led to the compromise of 480,000 accounts in January alone.

• Microsoft monitors over 30 billion authentication attempts daily.
• 1.2 million accounts were hacked in January 2020.
• 99.9% of hacked accounts did not use two-factor authentication.
• Only 11% of organizational accounts had 2FA enabled.
• “Password spraying” attacks compromised 480,000 accounts in one month.

The data clearly shows that enabling two-factor authentication is one of the most effective ways to protect your accounts from being hacked.