MFA ensures that a compromise of a username and password does not result in a breach of a system. Because an attacker doesn’t have access to the second factor, the integrity of the system is preserved.
But can MFA protect you if your SSO provider gets hacked?
The answer to this question is, “It depends.”
In this talk, I’ll cover different ways to think about the security guarantees provided by MFA, and a few simple concepts that can be used to architect systems that are robust, even in the face of a catastrophic compromise of your SSO provider.