Microsoft says that users who enable multi-factor authentication (MFA) for their accounts will end up blocking 99.9% of automated attacks. From a report: The recommendation stands not only for Microsoft accounts but also for any other profile, on any other website or online service. If the service provider supports multi-factor authentication, Microsoft recommends using it, regardless if it’s something as simple as SMS-based one-time passwords, or advanced biometrics solutions. “Based on our studies, your account is more than 99.9% less likely to be compromised if you use MFA,” said Alex Weinert, Group Program Manager for Identity Security and Protection at Microsoft. Weinert said that old advice like “never use a password that has ever been seen in a breach” or “use really long passwords” doesn’t really help. He should know. Weinert was one of the Microsoft engineers who worked to ban passwords that became part of public breach lists from Microsoft’s Account and Azure AD systems back in 2016. As a result of his work, Microsoft users who were using or tried to use a password that was leaked in a previous data breach were told to change their credentials.