Episode

#564: Hackers can bypass Your MFA In 2026 (And How To Stop It)

Podcast: David Bombal
Published: Mar 23, 2026
Duration seconds: 2290
Processing state: not_requested
Canonical source: https://soundcloud.com/davidbombal/564-hackers-can-bypass-your
Audio: https://feeds.soundcloud.com/stream/2288884733-davidbombal-564-hackers-can-bypass-your.mp3
JSON: /v1/public/podcasts/david-bombal-5315180/episodes/564-hackers-can-bypass-your-mfa-in-2026-and-how-to-stop-it
Markdown: /podcast/david-bombal-5315180/564-hackers-can-bypass-your-mfa-in-2026-and-how-to-stop-it.md

Actions

POST https://stenobird.com/v1/public/podcasts/david-bombal-5315180/episodes/564-hackers-can-bypass-your-mfa-in-2026-and-how-to-stop-it/transcription-requests
Idempotently request low-priority transcript generation for this episode.
GET https://stenobird.com/podcast/david-bombal-5315180/564-hackers-can-bypass-your-mfa-in-2026-and-how-to-stop-it.md
Read the agent-friendly Markdown representation of this episode resource.

Summary

Thank you to ThreatLocker for sponsoring my trip to ZTW26 and also for sponsoring this video. To start your free trial with ThreatLocker please use the following link: https://www.threatlocker.com/davidbombal Are your passwords and 2FA enough to stop a modern cyber attack? In this interview, Rob from ThreatLocker breaks down the dangerous reality of password reuse, SIM swapping, and why traditional SMS MFA is no longer bulletproof. We dive deep into how threat actors use reverse proxies like Evilginx to steal session cookies, allowing them to bypass multi-factor authentication and hijack your accounts without ever needing your password. Discover why relying on legacy VPNs and leaving firewall ports open to the internet massively increases your attack surface, leaving your organization just one brute-force attack away from ransomware. Finally, we explore the mechanics of ThreatLocker’s Zero Trust Network Access and Cloud Access, detailing how denying by default and routing through secure proxies can lock down Microsoft 365 and make your internal network effectively invisible to hackers. // Rob Allen’s SOCIAL // LinkedIn: / threatlockerrob X: https://x.com/threatlockerrob // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal Spotify: open.spotify.com/show/3f6k6gE... SoundCloud: / davidbombal Apple Podcast: podcasts.apple.com/us/podcast... // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: [email protected] // MENU // 0:00 - Coming up 0:57 - What is 2FA/MFA and why is…