mfa
Safeguard articles tagged "mfa" — guides, analysis, and best practices for software supply chain and application security.
12 articles
The security hygiene checklist most engineering orgs still skip
22% of breaches start with stolen credentials, per Verizon's 2025 DBIR. A quarter-long hygiene checklist — patching, MFA, secrets, least privilege — closes most of that gap.
OWASP A07: Identification and Authentication Failures — A Deep-Dive Guide
Identification and Authentication Failures rank #7 in the OWASP Top 10 (2021). A deep dive into credential stuffing, session handling, real CVEs, and 2026 fixes.
NYDFS Part 500: The November 2025 Deadlines, One Year On
The Second Amendment to NYDFS Part 500 added universal MFA and an asset inventory mandate on November 1, 2025. The April 2026 certification reveals where covered entities stand.
What is Phishing
Phishing drives more breaches than any other attack vector. Here's how it works, how it hits software supply chains, and how to defend against it.
Snowflake Customer Breaches 2024: Root Cause
The Snowflake customer breaches of 2024 were not a Snowflake compromise. Infostealer logs, shared credentials, and absent MFA did the damage, from Ticketmaster to AT&T.
What is Multi-Factor Authentication (MFA)
MFA blocks over 99% of credential-based attacks, but Uber, Cisco, and Twilio breaches show how push-bombing and AiTM phishing still get around it.
How to enable MFA on an AWS root account
A step-by-step guide to enabling MFA on your AWS root account, covering virtual MFA device setup, verification commands, troubleshooting, and ongoing security best practices.
How to configure Azure AD Conditional Access policies
A step-by-step guide to configure Azure AD conditional access policies safely — MFA enforcement, device compliance, report-only piloting, and troubleshooting tips.
What Is MFA (Multi-Factor Authentication)
MFA requires two or more independent proofs of identity before letting you in. Learn how it works, why it blocks stolen-password attacks, and the factor types involved.
Snowflake Customer Data Breaches: 165 Organizations Hit by Credential Theft Campaign
Attackers used stolen credentials from infostealer malware to access Snowflake customer accounts without MFA, compromising data at Ticketmaster, Santander, AT&T, and over 160 other organizations.
Cisco Duo Incident: Supply Chain Depth
Cisco Duo's 2024 disclosure about a telephony provider breach exposed SMS and voice MFA logs; the supply chain depth of authentication vendors is the story.
npm Registry Security Gets Serious: 2022's Major Improvements
From mandatory MFA for top packages to enhanced login verification, npm made significant security improvements in 2022. Here's what changed.