In the struggle to keep data and systems protected, multi-factor authentication (MFA) is a tried and true means of mitigating cyber attacks. However, the Federal Bureau of Investigations (FBI) has issued a warning that cyber actors are now evading the protections of MFA through technical attacks and common social engineering.

This is major news for the cyber security industry as multi-factor authentication systems are rarely compromised. In fact, Microsoft reports that a given account is “more than 99.9% less likely to be compromised” with the use of MFA. Despite its utility, MFA is still not widespread. According to Microsoft, less than 10% of their monthly users use multi-factor authentication. The reasons for this vary, but a common complaint among consumers is that it’s an inconvenience.

The FBI suggests that companies employ biometrics that rely on behavioral information, which hackers will encounter greater difficulty in convincing users to disclose. But biometric verification has its complexity and counterpoints too. The compromise of MFAs will certainly force security professionals to create novel means of user authentication and identity management.

To learn more about the Federal Bureau of Investigation’s findings on multi-factor authentication, check out this Forbes article.