Ä¢¹½ÊÓƵ

Your OHIO account is valuable given it is often the gateway to your paycheck, your class data, or maybe even your highly confidential research. Stealing your username and password continues to be one of the top priorities of bad actors. But Ä¢¹½ÊÓƵ University has Multifactor Authentication enabled, isn’t that supposed to stop the attacker? In this first article for 2025’s Cybersecurity Awareness Month, we will look at how attackers bypass MFA and explore what you need to do to keep your account safe.

How the Bad Actors Bypass MFA

It may come as a surprise, but attackers generally aren’t bypassing MFA by finding secret backdoors in authentication protocols and web applications. They aren’t really bypassing MFA at all. Instead, they simply ask the victim up front for the MFA approval in an attack called social engineering. In essence, after the victim has been tricked to share their username and password, they often go ahead and help the attacker get past MFA as well. There are various ways this could occur, for instance, the attacker could initiate an MFA Fatigue attack where they continue to initiate a phone call to your phone number until you answer and approve the request. Or they may set up fake login pages to encourage you to sign in to the page and intercept your authenticated session using an attack called Adversary in the Middle Phishing. How Can I Keep My OHIO Account Safe

This month you will receive additional tips on how to protect your account by recognizing phishing attempts, keeping your software up to date, and how to upgrade from traditional password logins to more modern phishing resistant forms of authentication. Following these tips will help keep your account safe.

The Future of Passwords: Passwordless Logins Sneak Peek

Too eager to wait for upcoming articles and ready to move away from boring password logins? Check out our and .