MFA often fails in Windows environments due to reliance on Active Directory for logins, allowing attackers to exploit valid credentials. Key vulnerabilities include local logins, RDP access, legacy NTLM, Kerberos ticket abuse, local admin credential reuse, SMB authentication, and unmonitored service accounts. To mitigate these risks, organizations should enforce strong password policies, block compromised passwords, limit legacy protocols, and audit service accounts. Effective tools like Specops can enhance security against credential abuse.
https://thehackernews.com/2026/03/where-multi-factor-authentication-stops.html