Your Auth App Won't Save You: How Attackers Beat MFA in Minutes

Kevin Surace
You Did Everything Right. So Why Are Attackers Still Getting In?

You rolled out MFA. You pushed auth apps across the whole company. You ran phishing simulations. You checked the compliance boxes. And yet, somewhere right now, an attacker is walking through a front door you built and called secure. That's not pessimism. That's math. 

In a recent Brand Spotlight conversation with Sean Martin of ITSPmagazine, Token CEO Kevin Surace — one of the pioneers of the AI assistant — laid out the uncomfortable reality facing every CISO, identity architect, and risk owner in 2026: roughly 90% of breaches now begin with identity. Not a zero-day. Not a misconfigured firewall. Identity.

"Virtually all attacks are coming in the front door," Surace said. And the front door is your MFA.

The Attack That Requires Almost No Technical Skill

Here's how it works. An attacker builds a pixel-perfect replica of your login page — your corporate portal, your SSO, your VPN gateway. The copy is indistinguishable from the real thing. An employee gets a convincing message (increasingly AI-crafted, increasingly personalized) and clicks through.

What happens next doesn't require a sophisticated exploit. It requires a relay.

The employee types their credentials into the fake page. Those credentials are instantly forwarded to the real site. The real site sends back an MFA prompt. The fake page surfaces that prompt to the employee. The employee approves it — because they think they're logging in. And in real time, the attacker receives authenticated access to the real environment.

The MFA code was real. The approval was real. The fingerprint left on the crime scene points directly at a legitimate user.

"That's what happens with these phishing spoofing attacks," Surace explained. "You are coaxed into sharing your MFA code or touching your auth app and saying it's you — but it's not you. You've just let in the guy in Russia."

This is not a theoretical edge case. Surace cited a Microsoft-related compromise in which attackers exploited this exact method to access 96,000 accounts, and in some cases used Intune to issue device-wipe commands. Phones. Laptops. Gone. From a single identity slip.

Why Training Can't Close This Gap

The instinct is to double down on awareness. Better phishing simulations. More training hours. Sharper email filters.

Those things help at the margins. They do not change the fundamental equation.

Security awareness programs ask every employee to be perfect, every time, under conditions that are specifically designed to induce error. AI has made those conditions dramatically harder. Fake login pages are no longer slightly off — they are exact replicas. Vishing calls now sound like colleagues. Deepfake video is increasingly accessible. The attack surface isn't just email anymore.

Roger Grimes of KnowBe4 published a paper years ago describing twelve ways MFA and auth apps would eventually be compromised when attackers shifted their focus to identity. Surace's assessment of where we are: "All of those 12 methods have come to pass."

The problem isn't that employees are careless. The problem is that the authentication model still trusts a code or a tap — not a person.

What It Actually Takes to Prove a Human Is There

Faces can be cloned. Voices can be cloned. A six-digit code can be relayed in milliseconds.

A fingerprint, matched on-chip in a piece of hardware tied to the exact domain you registered on and to physical proximity to the device logging in — that's a very different story.

This is what Surace means by Assured Identity, the category Gartner has begun to define, and the architecture TokenCore is built around. The key properties aren't complicated, but they are strict:

  • The biometric never leaves the device. Match-on-chip means the fingerprint template is verified in secure hardware and the result — approved or denied — is what gets passed forward. There is no cloud database of biometric records to compromise.

  • The credential is cryptographically bound to the domain. TokenCore products implement FIDO2/WebAuthn, which means the key pair for your login was generated by the authenticator during enrollment and scoped to a specific registered origin. A phishing page running on evil.example cannot solicit a valid credential for company.com: the browser refuses to use the credential from the wrong origin, and the relying party's cryptographic check fails before the attacker gets anything usable.

  • Proximity is required. The device must be physically present near the machine attempting to authenticate. A remote attacker relaying credentials from another country cannot satisfy a proximity requirement. There is no code to forward, no prompt to approve, no human decision to exploit.

The relay attack that compromised 96,000 accounts doesn't work against this model. There is nothing to relay.
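To make the relay failure concrete, here is an added example that models the three parties in a FIDO2/WebAuthn login (authenticator, browser, relying party) and runs the relay described above against it. It is not TokenCore's code or any project's code. The domain names, challenge values and credential bytes are constructed, and the authenticator's ES256 signature is stood in for by HMAC-SHA256 so the script runs with only the Python standard library; what it demonstrates is the origin and rpId binding, which is what defeats the relay.

```python
"""Constructed model of a WebAuthn/FIDO2 login, showing why a relay page on
another origin gets nothing usable. The signature is modeled with HMAC-SHA256
in place of the authenticator's ES256 signature so that this runs with only
the standard library; the binding checks are the point."""
import hashlib
import hmac
import json
import secrets

RP_ID = "company.com"                 # relying party identifier (the registered domain)
RP_ORIGIN = "https://company.com"     # the only origin the RP accepts assertions from
PHISH_ORIGIN = "https://company.com.evil.example"  # constructed look-alike origin


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


class Authenticator:
    """Hardware-key stand-in: credentials are scoped to the rpId they were created for."""

    def __init__(self):
        self._creds = {}   # credential_id -> (rp_id, signing key)
        self._counter = 0  # signature counter, increases on every assertion

    def make_credential(self, rp_id: str):
        cred_id = secrets.token_bytes(16)
        key = secrets.token_bytes(32)  # stand-in for the credential private key
        self._creds[cred_id] = (rp_id, key)
        return cred_id, key           # 'key' plays the role of the public key the RP stores

    def get_assertion(self, cred_id: bytes, rp_id: str, client_data_hash: bytes):
        stored_rp_id, key = self._creds[cred_id]
        if stored_rp_id != rp_id:
            raise LookupError(f"no credential for rpId {rp_id!r}")
        self._counter += 1
        flags = b"\x05"  # UP (user present) | UV (user verified by match-on-chip)
        auth_data = sha256(rp_id.encode()) + flags + self._counter.to_bytes(4, "big")
        sig = hmac.new(key, auth_data + client_data_hash, hashlib.sha256).digest()
        return auth_data, sig


def browser_get(page_origin: str, requested_rp_id: str, challenge: str,
                authn: Authenticator, cred_id: bytes):
    """What the browser does for navigator.credentials.get() on a given page."""
    host = page_origin.split("://", 1)[1].split("/", 1)[0]
    # WebAuthn rule: rpId must be the page's effective domain or a registrable suffix of it.
    if not (host == requested_rp_id or host.endswith("." + requested_rp_id)):
        raise PermissionError(f"rpId {requested_rp_id!r} is not valid for origin {page_origin!r}")
    client_data_json = json.dumps(
        {"type": "webauthn.get", "challenge": challenge, "origin": page_origin},
        separators=(",", ":"))
    auth_data, sig = authn.get_assertion(cred_id, requested_rp_id, sha256(client_data_json.encode()))
    return client_data_json, auth_data, sig


def rp_verify(cred: dict, expected_challenge: str, client_data_json: str,
              auth_data: bytes, sig: bytes):
    """Relying-party checks, in the order WebAuthn specifies them (simplified)."""
    cd = json.loads(client_data_json)
    if cd.get("type") != "webauthn.get":
        return False, "wrong clientData type"
    if cd.get("challenge") != expected_challenge:
        return False, "challenge mismatch (replay or stale assertion)"
    if cd.get("origin") != RP_ORIGIN:
        return False, f"origin mismatch: {cd.get('origin')}"
    if auth_data[:32] != sha256(RP_ID.encode()):
        return False, "rpIdHash mismatch"
    flags = auth_data[32]
    if not (flags & 0x01 and flags & 0x04):
        return False, "user presence/verification flags not set"
    counter = int.from_bytes(auth_data[33:37], "big")
    if counter <= cred["counter"]:
        return False, "signature counter did not increase (cloned authenticator?)"
    expected = hmac.new(cred["key"], auth_data + sha256(client_data_json.encode()),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return False, "bad signature"
    cred["counter"] = counter
    return True, "ok"


def run_scenarios() -> dict:
    """Legitimate login, then three things a relay page might try."""
    authn = Authenticator()
    cred_id, key = authn.make_credential(RP_ID)        # enrollment at company.com
    cred = {"key": key, "counter": 0}                  # what the RP stores
    results = {}

    # 1. Real login on the real origin.
    challenge = secrets.token_urlsafe(32)
    cdj, ad, sig = browser_get(RP_ORIGIN, RP_ID, challenge, authn, cred_id)
    results["legitimate"] = rp_verify(cred, challenge, cdj, ad, sig)

    # 2. Relay: the phishing page forwards the RP's fresh challenge and asks for rpId company.com.
    challenge = secrets.token_urlsafe(32)
    try:
        browser_get(PHISH_ORIGIN, RP_ID, challenge, authn, cred_id)
        results["relay_rp_id"] = (True, "unexpected")
    except PermissionError as e:
        results["relay_rp_id"] = (False, f"browser refused: {e}")

    # 3. Relay using the phishing site's own rpId: no credential exists for it.
    try:
        browser_get(PHISH_ORIGIN, "company.com.evil.example", challenge, authn, cred_id)
        results["relay_own_rp_id"] = (True, "unexpected")
    except LookupError as e:
        results["relay_own_rp_id"] = (False, f"authenticator refused: {e}")

    # 4. Replay of the earlier legitimate assertion against the new challenge.
    results["replay"] = rp_verify(cred, challenge, cdj, ad, sig)
    return results


if __name__ == "__main__":
    for name, (ok, why) in run_scenarios().items():
        print(f"{name:16s} {'ACCEPT' if ok else 'REJECT'}  {why}")
```

Running it shows one ACCEPT for the genuine login and three REJECTs: the browser will not hand a company.com credential to a page served from company.com.evil.example, the authenticator holds no credential for the phishing site's own rpId, and a captured assertion is useless against a fresh challenge. The relying party's own origin, rpIdHash and counter checks are defense in depth behind those two front-line refusals; in a real deployment they run against a public-key signature rather than the HMAC stand-in used here.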

"We think that the future — for any access to any application or network with data — has to be biometric assured identity," Surace told Sean Martin. "Otherwise you don't know who is logging in."

What This Means for Your Next Security Meeting

Legacy MFA was a meaningful improvement over passwords alone — in an era before attackers systematically industrialized identity attacks. That era is over.

If your identity roadmap still centers on authenticator apps, TOTP codes, or push-approval prompts as primary controls, you're defending the prior threat model. The current one has moved on.

The conversation Kevin Surace brought to this Brand Spotlight isn't about replacing your stack overnight. TokenCore is designed to integrate with existing IAM, SSO, and PAM deployments — not require a rip-and-replace. But it does require an honest reckoning with what "MFA rollout complete" actually means in 2026.

Completed isn't the same as protected.
