Please! Please! Please! Please use Two Factor Authentication!
We know! We get it! It’s annoying. That extra step between you and your inbox, your files, banking, shopping accounts and more. But two-factor authentication (2FA) is one of the simplest, most effective ways to protect your digital life.
But Why Use Two Factor Authentication?

Passwords alone are no longer enough. Even if yours is long, complex, and unique, it might already be floating around the dark web. A recent study revealed that over 19 billion passwords were leaked between April 2024 and April 2025, and 94% of them were reused or weak (Cyber News, n.d.). Only 6% were unique, leaving most users vulnerable to cyber-attacks such as dictionary attacks and credential stuffing.
Even worse, 80% of data breaches are caused by weak or stolen passwords.
Are complicated secret passwords enough?
Even if you’ve never shared your password and it is complex, I bet you have used the same password more than once. The problem is that your email address, username and password may have been used on another website, which may have inadvertently leaked that data. Attackers can then use that email address and password to attempt to access other websites such as Microsoft 365. It’s an almost weekly occurrence that a new news story reports a well-known company being breached and seeing its secure data leaked.
For example, if you are thinking of applying for a job serving burgers, fries and Happy Meals... you might want to think again!
McDonald’s AI bot – McHire

To give you a good example, security researchers Ian Carroll and Sam Curry discovered that McDonald’s AI hiring platform, McHire, had a severe vulnerability (McHire, n.d.). The McHire system used the password “123456” for administrator access, one of the most commonly guessed passwords in the world. Using this information, it took the researchers 30 minutes to:
- Gain full access to the backend system.
- View and extract names, email addresses, phone numbers, and chat logs of job applicants.
- Identify 64 million potentially exposed records.
McHire is powered by an AI chatbot named “Olivia”, developed by a company called Paradox.ai, which automates the recruitment process for McDonald’s franchise locations. Olivia:
- Conducts initial candidate screenings.
- Collects contact details and résumés.
- Guides applicants through assessments using natural language processing.
The backend infrastructure storing these interactions was poorly secured, allowing unauthorised access not just to data, but to the sensitive and confidential data of 64 million job applicants (1). That’s nearly the population of the UK! This is just one example of how easy it is to obtain a large database of email addresses and passwords.
The Importance of Two Factor Authentication
Microsoft 365 is one of the most heavily targeted systems for password-based attacks. It is used by millions of businesses for email, file storage, and collaboration and a single compromised account can give access to emails, SharePoint, Teams, OneDrive, and even admin controls.

We often find there is some resistance when it comes to implementing Two-Factor Authentication, and that’s because it is annoying. We know! We get it! But obtaining your email address is easy for attackers; often it’s available on websites or LinkedIn. Without Two-Factor Authentication, an attacker just needs some sophisticated software to guess your password, or needs to find the password in another website’s breach.
So, what can you do to safeguard yourself and your organisation?
Embrace the inconvenience. Enable Two-Factor Authentication wherever possible. It adds a critical extra layer of protection, making it exponentially harder for attackers to gain access, even if your password slips into the wrong hands.
Choose strong, unique passwords, stay vigilant for phishing attempts, and never underestimate the value of regular security training.
At CIM Software, we specialise in proactive IT support, continually monitoring your systems for emerging threats and ensuring updates and security measures are always up to date. We do this through the implementation of state-of-the-art endpoint protection and encryption, and by providing reliable server, desktop and Microsoft backups. We also ensure the highest level of email security, keeping your data safe and providing peace of mind to you and your clients. For more information about how we can help, please feel free to contact us.