# #564: Hackers can bypass Your MFA In 2026 (And How To Stop It)

- Page: https://stenobird.com/podcast/david-bombal-5315180/564-hackers-can-bypass-your-mfa-in-2026-and-how-to-stop-it
- Podcast: [David Bombal](https://stenobird.com/podcast/david-bombal-5315180)
- Published: 2026-03-23T10:07:51+00:00
- Episode link: https://soundcloud.com/davidbombal/564-hackers-can-bypass-your
- Audio file: https://feeds.soundcloud.com/stream/2288884733-davidbombal-564-hackers-can-bypass-your.mp3
- Duration seconds: 2290

## Resource

Thank you to ThreatLocker for sponsoring my trip to ZTW26 and also for sponsoring this video. To start your free trial with ThreatLocker please use the following link: https://www.threatlocker.com/davidbombal

Are your passwords and 2FA enough to stop a modern cyber attack? In this interview, Rob from ThreatLocker breaks down the dangerous reality of password reuse, SIM swapping, and why traditional SMS MFA is no longer bulletproof.

We dive deep into how threat actors use reverse proxies like Evilginx to steal session cookies, allowing them to bypass multi-factor authentication and hijack your accounts without ever needing your password. Discover why relying on legacy VPNs and leaving firewall ports open to the internet massively increases your attack surface, leaving your organization just one brute-force attack away from ransomware.

Finally, we explore the mechanics of ThreatLocker’s Zero Trust Network Access and Cloud Access, detailing how denying by default and routing through secure proxies can lock down Microsoft 365 and make your internal network effectively invisible to hackers.

// Rob Allen’s SOCIAL //

- LinkedIn: / threatlockerrob
- X: https://x.com/threatlockerrob

// David's SOCIAL //

- Discord: discord.com/invite/usKSyzb
- Twitter: www.twitter.com/davidbombal
- Instagram: www.instagram.com/davidbombal
- LinkedIn: www.linkedin.com/in/davidbombal
- Facebook: www.facebook.com/davidbombal.co
- TikTok: tiktok.com/@davidbombal
- YouTube: / @davidbombal
- Spotify: open.spotify.com/show/3f6k6gE...
- SoundCloud: / davidbombal
- Apple Podcast: podcasts.apple.com/us/podcast...

// MY STUFF //

https://www.amazon.com/shop/davidbombal

// SPONSORS //

Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com

// MENU //

- 0:00 - Coming up
- 0:57 - What is 2FA/MFA and why is…

## Transcript

Full transcripts are not published on public pages unless there is a clear rights basis.