Raxis MFA Phishy Icon

Phishy: Multifactor Authentication (MFA) Testing

How MFA protects your network

Multifactor authentication is one of the most effective safeguards available to ensure only legitimate users can log onto your network. It is based on the idea that an attacker might compromise a password, but requiring two or more independent means of confirmation dramatically increases the level of difficulty when they attempt to use it. However, even MFA has its limits.

Illustration of phishy authentication
Phishy Screenshot showing graph

Unfortunately, MFA can fail

The effectiveness of MFA depends greatly on the diligence of your team members. Raxis developed MFA Phishy after watching pentest customers blindly click on MFA push confirmation notices purely from habit. That means the most important benefit of MFA – an additional authentication layer – was essentially bypassed.

MFA Phishy is the Answer

At a time when nearly 84% of companies have experienced an identity-related breach, it’s more important than ever to know for certain where your weak points are – not to punish team members but, instead, to train them through repeated, random testing. MFA Phishy can help you permanently change your company’s behaviors and enable you to quantify the improvements over time. MFA Phishy currently supports Symantec VIP running on Azure AD, with future support coming for SMS.

Phishy Screenshot showing dashboard

How MFA Phishy works

MFA Phishy integrates with Symantec VIP when Symantec VIP is used with Microsoft Azure Active Directory. The tool gives administrators the ability to send bogus authentication requests to team members individually or to the entire organization. The security team can monitor the results in real time, view the performance of users over time, and export a CSV report from a given time period.

The user can either deny the MFA request or take no action at all. A user fails their phishing test only if they approve the malicious request. Retest as many people as many times as you’d like. If you’re like most companies we work with, you’ll soon see the failure rate trending toward zero and new employees catching on quickly.

Phishy Screenshot showing settings Phishy table of approved and denied results

Want to know more about Phishy?

We built Phishy after a customer expressed they had a need for phishing using MFA credentials. If you have ideas on how we can help you achieve better security, let's chat.

Contact us and let's talk about your project.

Let's get started
©2023 Raxis LLC - All rights reserved.