{"id":25874,"date":"2026-04-02T07:00:59","date_gmt":"2026-04-02T11:00:59","guid":{"rendered":"https:\/\/www.rsa.com\/?p=25874"},"modified":"2026-04-02T11:20:26","modified_gmt":"2026-04-02T15:20:26","slug":"how-attackers-bypass-mfa-and-how-to-reduce-risk-rsa","status":"publish","type":"post","link":"https:\/\/www.rsa.com\/pt_br\/resources\/blog\/multi-factor-authentication\/how-attackers-bypass-mfa-and-how-to-reduce-risk-rsa\/","title":{"rendered":"Como os invasores contornam a MFA e o que as equipes de seguran\u00e7a podem aprender"},"content":{"rendered":"","protected":false},"excerpt":{"rendered":"","protected":false},"author":6,"featured_media":25875,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_searchwp_excluded":"","inline_featured_image":false,"footnotes":""},"categories":[61],"tags":[75,147,69,68,76],"class_list":["post-25874","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-multi-factor-authentication","tag-iam","tag-lapsus","tag-mfa","tag-multi-factor-authentication","tag-zero-trust"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>How Attackers Bypass MFA and What Security Teams Can Learn - RSA<\/title>\n<meta name=\"description\" content=\"Learn how attackers bypass MFA by exploiting configuration gaps, third-party access, and fail-open systems, and see how RSA helps reduce risk.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.rsa.com\/pt_br\/resources\/blog\/multi-factor-authentication\/how-attackers-bypass-mfa-and-how-to-reduce-risk-rsa\/\" \/>\n<meta property=\"og:locale\" content=\"pt_BR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cybersecurity Lessons Learned from Data Breaches that Evaded MFA | RSA Blog\" \/>\n<meta property=\"og:description\" content=\"Learn how data breaches can result from threat actors evading MFA and the identity security best practices needed to stop them.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.rsa.com\/pt_br\/resources\/blog\/multi-factor-authentication\/how-attackers-bypass-mfa-and-how-to-reduce-risk-rsa\/\" \/>\n<meta property=\"og:site_name\" content=\"RSA\" \/>\n<meta property=\"article:published_time\" content=\"2026-04-02T11:00:59+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-02T15:20:26+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.rsa.com\/wp-content\/uploads\/cybersecurity-lessons-learned-from-data-breaches-that-evaded-mfa-rsa-social.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"Ben Lebeaux\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"Cybersecurity Lessons Learned from Data Breaches that Evaded MFA | RSA Blog\" \/>\n<meta name=\"twitter:description\" content=\"Learn how data breaches can result from threat actors evading MFA and the identity security best practices needed to stop them.\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.rsa.com\/wp-content\/uploads\/cybersecurity-lessons-learned-from-data-breaches-that-evaded-mfa-rsa-social.webp\" \/>\n<meta name=\"twitter:creator\" content=\"@bcomroe@logical-inc.com\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":[\"Article\",\"BlogPosting\"],\"@id\":\"https:\\\/\\\/www.rsa.com\\\/resources\\\/blog\\\/multi-factor-authentication\\\/how-attackers-bypass-mfa-and-how-to-reduce-risk-rsa\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.rsa.com\\\/resources\\\/blog\\\/multi-factor-authentication\\\/how-attackers-bypass-mfa-and-how-to-reduce-risk-rsa\\\/\"},\"author\":{\"name\":\"Ben Lebeaux\",\"@id\":\"https:\\\/\\\/www.rsa.com\\\/#\\\/schema\\\/person\\\/597f5b8f2d9eb8876c9be212f4dcdce9\"},\"headline\":\"How Attackers Bypass MFA and What Security Teams Can Learn\",\"datePublished\":\"2026-04-02T11:00:59+00:00\",\"dateModified\":\"2026-04-02T15:20:26+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.rsa.com\\\/resources\\\/blog\\\/multi-factor-authentication\\\/how-attackers-bypass-mfa-and-how-to-reduce-risk-rsa\\\/\"},\"wordCount\":10,\"publisher\":{\"@id\":\"https:\\\/\\\/www.rsa.com\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.rsa.com\\\/resources\\\/blog\\\/multi-factor-authentication\\\/how-attackers-bypass-mfa-and-how-to-reduce-risk-rsa\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.rsa.com\\\/wp-content\\\/uploads\\\/cybersecurity-lessons-learned-from-data-breaches-that-evaded-mfa-rsa-blog.webp\",\"keywords\":[\"IAM\",\"LAPSUS$\",\"MFA\",\"Multi-factor authentication\",\"Zero Trust\"],\"articleSection\":[\"Multi-Factor Authentication\"],\"inLanguage\":\"pt-BR\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.rsa.com\\\/resources\\\/blog\\\/multi-factor-authentication\\\/how-attackers-bypass-mfa-and-how-to-reduce-risk-rsa\\\/\",\"url\":\"https:\\\/\\\/www.rsa.com\\\/resources\\\/blog\\\/multi-factor-authentication\\\/how-attackers-bypass-mfa-and-how-to-reduce-risk-rsa\\\/\",\"name\":\"How Attackers Bypass MFA and What Security Teams Can Learn - RSA\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.rsa.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.rsa.com\\\/resources\\\/blog\\\/multi-factor-authentication\\\/how-attackers-bypass-mfa-and-how-to-reduce-risk-rsa\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.rsa.com\\\/resources\\\/blog\\\/multi-factor-authentication\\\/how-attackers-bypass-mfa-and-how-to-reduce-risk-rsa\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.rsa.com\\\/wp-content\\\/uploads\\\/cybersecurity-lessons-learned-from-data-breaches-that-evaded-mfa-rsa-blog.webp\",\"datePublished\":\"2026-04-02T11:00:59+00:00\",\"dateModified\":\"2026-04-02T15:20:26+00:00\",\"description\":\"Learn how attackers bypass MFA by exploiting configuration gaps, third-party access, and fail-open systems, and see how RSA helps reduce risk.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.rsa.com\\\/resources\\\/blog\\\/multi-factor-authentication\\\/how-attackers-bypass-mfa-and-how-to-reduce-risk-rsa\\\/#breadcrumb\"},\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.rsa.com\\\/resources\\\/blog\\\/multi-factor-authentication\\\/how-attackers-bypass-mfa-and-how-to-reduce-risk-rsa\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/www.rsa.com\\\/resources\\\/blog\\\/multi-factor-authentication\\\/how-attackers-bypass-mfa-and-how-to-reduce-risk-rsa\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.rsa.com\\\/wp-content\\\/uploads\\\/cybersecurity-lessons-learned-from-data-breaches-that-evaded-mfa-rsa-blog.webp\",\"contentUrl\":\"https:\\\/\\\/www.rsa.com\\\/wp-content\\\/uploads\\\/cybersecurity-lessons-learned-from-data-breaches-that-evaded-mfa-rsa-blog.webp\",\"width\":1200,\"height\":630,\"caption\":\"Cybersecurity Lessons Learned from Data Breaches that Evaded MFA\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.rsa.com\\\/resources\\\/blog\\\/multi-factor-authentication\\\/how-attackers-bypass-mfa-and-how-to-reduce-risk-rsa\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.rsa.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How Attackers Bypass MFA and What Security Teams Can Learn\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.rsa.com\\\/#website\",\"url\":\"https:\\\/\\\/www.rsa.com\\\/\",\"name\":\"RSA\",\"description\":\"Cybersecurity and Digital Risk Management Solutions\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.rsa.com\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.rsa.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pt-BR\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.rsa.com\\\/#organization\",\"name\":\"RSA\",\"url\":\"https:\\\/\\\/www.rsa.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/www.rsa.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.rsa.com\\\/wp-content\\\/uploads\\\/rsa.png\",\"contentUrl\":\"https:\\\/\\\/www.rsa.com\\\/wp-content\\\/uploads\\\/rsa.png\",\"width\":2880,\"height\":1020,\"caption\":\"RSA\"},\"image\":{\"@id\":\"https:\\\/\\\/www.rsa.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.rsa.com\\\/#\\\/schema\\\/person\\\/597f5b8f2d9eb8876c9be212f4dcdce9\",\"name\":\"Ben Lebeaux\",\"sameAs\":[\"https:\\\/\\\/x.com\\\/bcomroe@logical-inc.com\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Como os invasores contornam a MFA e o que as equipes de seguran\u00e7a podem aprender - RSA","description":"Saiba como os invasores contornam a MFA explorando lacunas de configura\u00e7\u00e3o, acesso de terceiros e sistemas abertos com falhas, e veja como a RSA ajuda a reduzir os riscos.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.rsa.com\/pt_br\/resources\/blog\/multi-factor-authentication\/how-attackers-bypass-mfa-and-how-to-reduce-risk-rsa\/","og_locale":"pt_BR","og_type":"article","og_title":"Cybersecurity Lessons Learned from Data Breaches that Evaded MFA | RSA Blog","og_description":"Learn how data breaches can result from threat actors evading MFA and the identity security best practices needed to stop them.","og_url":"https:\/\/www.rsa.com\/pt_br\/resources\/blog\/multi-factor-authentication\/how-attackers-bypass-mfa-and-how-to-reduce-risk-rsa\/","og_site_name":"RSA","article_published_time":"2026-04-02T11:00:59+00:00","article_modified_time":"2026-04-02T15:20:26+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/www.rsa.com\/wp-content\/uploads\/cybersecurity-lessons-learned-from-data-breaches-that-evaded-mfa-rsa-social.webp","type":"image\/webp"}],"author":"Ben Lebeaux","twitter_card":"summary_large_image","twitter_title":"Cybersecurity Lessons Learned from Data Breaches that Evaded MFA | RSA Blog","twitter_description":"Learn how data breaches can result from threat actors evading MFA and the identity security best practices needed to stop them.","twitter_image":"https:\/\/www.rsa.com\/wp-content\/uploads\/cybersecurity-lessons-learned-from-data-breaches-that-evaded-mfa-rsa-social.webp","twitter_creator":"@bcomroe@logical-inc.com","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":["Article","BlogPosting"],"@id":"https:\/\/www.rsa.com\/resources\/blog\/multi-factor-authentication\/how-attackers-bypass-mfa-and-how-to-reduce-risk-rsa\/#article","isPartOf":{"@id":"https:\/\/www.rsa.com\/resources\/blog\/multi-factor-authentication\/how-attackers-bypass-mfa-and-how-to-reduce-risk-rsa\/"},"author":{"name":"Ben Lebeaux","@id":"https:\/\/www.rsa.com\/#\/schema\/person\/597f5b8f2d9eb8876c9be212f4dcdce9"},"headline":"How Attackers Bypass MFA and What Security Teams Can Learn","datePublished":"2026-04-02T11:00:59+00:00","dateModified":"2026-04-02T15:20:26+00:00","mainEntityOfPage":{"@id":"https:\/\/www.rsa.com\/resources\/blog\/multi-factor-authentication\/how-attackers-bypass-mfa-and-how-to-reduce-risk-rsa\/"},"wordCount":10,"publisher":{"@id":"https:\/\/www.rsa.com\/#organization"},"image":{"@id":"https:\/\/www.rsa.com\/resources\/blog\/multi-factor-authentication\/how-attackers-bypass-mfa-and-how-to-reduce-risk-rsa\/#primaryimage"},"thumbnailUrl":"https:\/\/www.rsa.com\/wp-content\/uploads\/cybersecurity-lessons-learned-from-data-breaches-that-evaded-mfa-rsa-blog.webp","keywords":["IAM","LAPSUS$","MFA","Multi-factor authentication","Zero Trust"],"articleSection":["Multi-Factor Authentication"],"inLanguage":"pt-BR"},{"@type":"WebPage","@id":"https:\/\/www.rsa.com\/resources\/blog\/multi-factor-authentication\/how-attackers-bypass-mfa-and-how-to-reduce-risk-rsa\/","url":"https:\/\/www.rsa.com\/resources\/blog\/multi-factor-authentication\/how-attackers-bypass-mfa-and-how-to-reduce-risk-rsa\/","name":"Como os invasores contornam a MFA e o que as equipes de seguran\u00e7a podem aprender - RSA","isPartOf":{"@id":"https:\/\/www.rsa.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.rsa.com\/resources\/blog\/multi-factor-authentication\/how-attackers-bypass-mfa-and-how-to-reduce-risk-rsa\/#primaryimage"},"image":{"@id":"https:\/\/www.rsa.com\/resources\/blog\/multi-factor-authentication\/how-attackers-bypass-mfa-and-how-to-reduce-risk-rsa\/#primaryimage"},"thumbnailUrl":"https:\/\/www.rsa.com\/wp-content\/uploads\/cybersecurity-lessons-learned-from-data-breaches-that-evaded-mfa-rsa-blog.webp","datePublished":"2026-04-02T11:00:59+00:00","dateModified":"2026-04-02T15:20:26+00:00","description":"Saiba como os invasores contornam a MFA explorando lacunas de configura\u00e7\u00e3o, acesso de terceiros e sistemas abertos com falhas, e veja como a RSA ajuda a reduzir os riscos.","breadcrumb":{"@id":"https:\/\/www.rsa.com\/resources\/blog\/multi-factor-authentication\/how-attackers-bypass-mfa-and-how-to-reduce-risk-rsa\/#breadcrumb"},"inLanguage":"pt-BR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.rsa.com\/resources\/blog\/multi-factor-authentication\/how-attackers-bypass-mfa-and-how-to-reduce-risk-rsa\/"]}]},{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/www.rsa.com\/resources\/blog\/multi-factor-authentication\/how-attackers-bypass-mfa-and-how-to-reduce-risk-rsa\/#primaryimage","url":"https:\/\/www.rsa.com\/wp-content\/uploads\/cybersecurity-lessons-learned-from-data-breaches-that-evaded-mfa-rsa-blog.webp","contentUrl":"https:\/\/www.rsa.com\/wp-content\/uploads\/cybersecurity-lessons-learned-from-data-breaches-that-evaded-mfa-rsa-blog.webp","width":1200,"height":630,"caption":"Cybersecurity Lessons Learned from Data Breaches that Evaded MFA"},{"@type":"BreadcrumbList","@id":"https:\/\/www.rsa.com\/resources\/blog\/multi-factor-authentication\/how-attackers-bypass-mfa-and-how-to-reduce-risk-rsa\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.rsa.com\/"},{"@type":"ListItem","position":2,"name":"How Attackers Bypass MFA and What Security Teams Can Learn"}]},{"@type":"WebSite","@id":"https:\/\/www.rsa.com\/#website","url":"https:\/\/www.rsa.com\/","name":"RSA","description":"Solu\u00e7\u00f5es de seguran\u00e7a cibern\u00e9tica e gerenciamento de riscos digitais","publisher":{"@id":"https:\/\/www.rsa.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.rsa.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pt-BR"},{"@type":"Organization","@id":"https:\/\/www.rsa.com\/#organization","name":"RSA","url":"https:\/\/www.rsa.com\/","logo":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/www.rsa.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.rsa.com\/wp-content\/uploads\/rsa.png","contentUrl":"https:\/\/www.rsa.com\/wp-content\/uploads\/rsa.png","width":2880,"height":1020,"caption":"RSA"},"image":{"@id":"https:\/\/www.rsa.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.rsa.com\/#\/schema\/person\/597f5b8f2d9eb8876c9be212f4dcdce9","name":"Ben Lebeaux","sameAs":["https:\/\/x.com\/bcomroe@logical-inc.com"]}]}},"_links":{"self":[{"href":"https:\/\/www.rsa.com\/pt_br\/wp-json\/wp\/v2\/posts\/25874","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.rsa.com\/pt_br\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.rsa.com\/pt_br\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.rsa.com\/pt_br\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.rsa.com\/pt_br\/wp-json\/wp\/v2\/comments?post=25874"}],"version-history":[{"count":7,"href":"https:\/\/www.rsa.com\/pt_br\/wp-json\/wp\/v2\/posts\/25874\/revisions"}],"predecessor-version":[{"id":37473,"href":"https:\/\/www.rsa.com\/pt_br\/wp-json\/wp\/v2\/posts\/25874\/revisions\/37473"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.rsa.com\/pt_br\/wp-json\/wp\/v2\/media\/25875"}],"wp:attachment":[{"href":"https:\/\/www.rsa.com\/pt_br\/wp-json\/wp\/v2\/media?parent=25874"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.rsa.com\/pt_br\/wp-json\/wp\/v2\/categories?post=25874"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.rsa.com\/pt_br\/wp-json\/wp\/v2\/tags?post=25874"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}