Aurilaki / Your Photo / Getty Images
Multi-factor authentication (MFA) continues to embody both the best and worst of business IT security practice. As Roger Grimes wrote in this article about two-factor hacks three years ago, when MFA is done well it can be effective, but when IT managers take shortcuts it can be a disaster. And while more businesses are using more MFA methods to protect user logins, it still is far from universal. Indeed, according to a survey conducted by Microsoft last year, 99.9% of compromised accounts did not use MFA at all and only 11% of enterprise accounts are protected by some MFA method.