In this chapter, we'll explore endpoint attacks. If an attacker has control over your computing device, it is often “game over,” but MFA developers and end users can take many proactive steps to minimize risk from these types of attacks.

Endpoint Attack Risks

There has always been this general guiding security dogma that if an attacker has complete control over your endpoint there is nothing you can do to stop them from doing something malicious. No doubt every computer security professional innately knows this early on, even without being officially taught it, just because it seems like the most universal, plausible, commonsense fact anyone can understand in this field of study. Still, it never hurts to communicate and educate.

If a person or a team with unauthorized intent and with unlimited resources has uncontrolled physical or logical access to a device and the data that it contains, it would be the rare device and/or protection control that would prevent it from being compromised. Even the best controls with the best intentions will fall. It's just a matter of time. This is not to say that protecting against these types of attacks is worthless and should not be done. No, to the contrary. Computer security isn't binary, and if an attacker (or most attackers) can be prevented from doing easy compromises for a reasonable period of time, even if they have complete control of a device, that is a goal we should work toward. Don't let perfection be the enemy ...