Speaking at the RSA security conference last week, Microsoft engineers said that 99.9% of the compromised accounts they track every month don’t use multi-factor authentication, a solution that stops most automated account attacks.
The cloud giant said it tracks more than 30 billion login events per day and more than one billion monthly active users.
Microsoft said that, on average, around 0.5% of all accounts get compromised each month, a number that in January 2020 was about 1.2 million.
While all account hacks are bad, they are worse when the account is for enterprise use. Of these highly-sensitive accounts, only 11% had a multi-factor authentication (MFA) solution enabled, as of January 2020, Microsoft said.