
Identity is the New Perimeter — How Attackers Bypass MFA in 2026
From Security in 45 by Mike Veedock and Andres Sarmiento
March 27, 2026 · 36 min · Season 3 · Episode 2
About this episode
The episode discusses the evolution of identity as a security perimeter and the methods attackers use to bypass MFA in 2026.
Identity has officially replaced email as the #1 threat vector — and attackers already know you have MFA. In this episode, Andres and Mike break down why the old network perimeter is dead, what modern identity attacks look like in the wild, and the concrete steps every organization should take to defend themselves in 2026. What we cover: 🔴 Identity is the New Perimeter Credentials, sessions, and tokens are the crown jewels now. Your firewall no longer defines your security boundary — your identity layer does. 🏛️ IGA — Identity Governance & Administration Not a product, a framework. How organizations manage user identities, roles, permissions, and compliance across every user, device, and workload. ⚔️ Modern Identity Attacks Push Fatigue — bots flooding MFA requests timed for nights and weekends Token Theft — bypasses MFA entirely by stealing your session OAuth Abuse — using legitimate workflows to gain persistent app access Session Hijacking — stealing cookies and replaying tokens Privilege Escalation — enumerating users, targeting admin accounts 🔐 MFA Evolution Phishing-resistant MFA, BLE proximity auth (your phone must be physically near the device), passwordless with…
People in this episode
Hosts: Mike Veedock, Andres Sarmiento
Topics covered
- identity security
- MFA
- identity attacks
- cybersecurity
- defense strategies
- identity governance
Keywords
- identity
- MFA
- cyber attacks
- credential theft
- session hijacking
- phishing-resistant MFA
- identity governance
- OAuth abuse
Mentioned in this episode
Organizations: Cisco
Products: Cisco Duo, Persona
More episodes of Security in 45
- Zero Trust in the Real World · February 9, 2026 · 38 min
- S2 E3 - Breaking down Segmentation with Chad Buey and Sam Baxter · December 13, 2024 · 56 min
- S2 E2 - Simplicity with SSE - Cisco Secure Access Discussion with David Keller and Justin Murphy · November 1, 2024 · 52 min
- XDR Conversation with Briana Farro and Matt Robertson · October 2, 2024 · 1h 1m
- Security & Artificial Intelligence with with Joel Sprague and Sudhir Desai · October 2, 2024 · 56 min
- Zero Trust with Estefania Fernandez and Neil Lovering · October 2, 2024 · 49 min
Explore listener stats, chart rankings, contacts and more on the Security in 45 podcast page.