Identity is the New Perimeter — How Attackers Bypass MFA in 2026

Identity is the New Perimeter — How Attackers Bypass MFA in 2026

From Security in 45 by Mike Veedock and Andres Sarmiento

March 27, 2026 · 36 min · Season 3 · Episode 2

About this episode

The episode discusses the evolution of identity as a security perimeter and the methods attackers use to bypass MFA in 2026.

Identity has officially replaced email as the #1 threat vector — and attackers already know you have MFA. In this episode, Andres and Mike break down why the old network perimeter is dead, what modern identity attacks look like in the wild, and the concrete steps every organization should take to defend themselves in 2026. What we cover: 🔴 Identity is the New Perimeter Credentials, sessions, and tokens are the crown jewels now. Your firewall no longer defines your security boundary — your identity layer does. 🏛️ IGA — Identity Governance & Administration Not a product, a framework. How organizations manage user identities, roles, permissions, and compliance across every user, device, and workload. ⚔️ Modern Identity Attacks Push Fatigue — bots flooding MFA requests timed for nights and weekends Token Theft — bypasses MFA entirely by stealing your session OAuth Abuse — using legitimate workflows to gain persistent app access Session Hijacking — stealing cookies and replaying tokens Privilege Escalation — enumerating users, targeting admin accounts 🔐 MFA Evolution Phishing-resistant MFA, BLE proximity auth (your phone must be physically near the device), passwordless with…

People in this episode

Hosts: Mike Veedock, Andres Sarmiento

Topics covered

  • identity security
  • MFA
  • identity attacks
  • cybersecurity
  • defense strategies
  • identity governance

Keywords

  • identity
  • MFA
  • cyber attacks
  • credential theft
  • session hijacking
  • phishing-resistant MFA
  • identity governance
  • OAuth abuse

Mentioned in this episode

Organizations: Cisco

Products: Cisco Duo, Persona

More episodes of Security in 45

Explore listener stats, chart rankings, contacts and more on the Security in 45 podcast page.