Safeguard
Tag

mfa

Safeguard articles tagged "mfa" — guides, analysis, and best practices for software supply chain and application security.

12 articles

Best Practices

The security hygiene checklist most engineering orgs still skip

22% of breaches start with stolen credentials, per Verizon's 2025 DBIR. A quarter-long hygiene checklist — patching, MFA, secrets, least privilege — closes most of that gap.

Jul 14, 20266 min read
Security Guides

OWASP A07: Identification and Authentication Failures — A Deep-Dive Guide

Identification and Authentication Failures rank #7 in the OWASP Top 10 (2021). A deep dive into credential stuffing, session handling, real CVEs, and 2026 fixes.

Jul 5, 20266 min read
Compliance

NYDFS Part 500: The November 2025 Deadlines, One Year On

The Second Amendment to NYDFS Part 500 added universal MFA and an asset inventory mandate on November 1, 2025. The April 2026 certification reveals where covered entities stand.

May 6, 20266 min read
Vulnerability Analysis

What is Phishing

Phishing drives more breaches than any other attack vector. Here's how it works, how it hits software supply chains, and how to defend against it.

Mar 26, 20268 min read
Incident Analysis

Snowflake Customer Breaches 2024: Root Cause

The Snowflake customer breaches of 2024 were not a Snowflake compromise. Infostealer logs, shared credentials, and absent MFA did the damage, from Ticketmaster to AT&T.

Mar 8, 20267 min read
Best Practices

What is Multi-Factor Authentication (MFA)

MFA blocks over 99% of credential-based attacks, but Uber, Cisco, and Twilio breaches show how push-bombing and AiTM phishing still get around it.

Feb 15, 20266 min read
Cloud Security

How to enable MFA on an AWS root account

A step-by-step guide to enabling MFA on your AWS root account, covering virtual MFA device setup, verification commands, troubleshooting, and ongoing security best practices.

Feb 15, 20268 min read
Cloud Security

How to configure Azure AD Conditional Access policies

A step-by-step guide to configure Azure AD conditional access policies safely — MFA enforcement, device compliance, report-only piloting, and troubleshooting tips.

Feb 14, 20267 min read
Concepts

What Is MFA (Multi-Factor Authentication)

MFA requires two or more independent proofs of identity before letting you in. Learn how it works, why it blocks stolen-password attacks, and the factor types involved.

Aug 6, 20246 min read
Incident Analysis

Snowflake Customer Data Breaches: 165 Organizations Hit by Credential Theft Campaign

Attackers used stolen credentials from infostealer malware to access Snowflake customer accounts without MFA, compromising data at Ticketmaster, Santander, AT&T, and over 160 other organizations.

Jun 10, 20245 min read
Incident Analysis

Cisco Duo Incident: Supply Chain Depth

Cisco Duo's 2024 disclosure about a telephony provider breach exposed SMS and voice MFA logs; the supply chain depth of authentication vendors is the story.

May 25, 20247 min read
Open Source Security

npm Registry Security Gets Serious: 2022's Major Improvements

From mandatory MFA for top packages to enhanced login verification, npm made significant security improvements in 2022. Here's what changed.

Oct 1, 20226 min read
mfa — Safeguard Blog