I ran across this article the other day about 5 signs you have compromised credentials on your network. None of the signs are necessarily new or unique, but I thought this was a concise description of several potential threats in one place. To me though, what these point out is the need for 2FA in wider adoption.
While 2FA does not, by itself, necessarily prevent any of these behaviors, it makes them much more unlikely to succeed since the need for the second factor, be it a token, smartphone or anything else, means a password along can’t succeed.
Importantly though, it is also clear that it is critical that all authentication be audited so potential problems can be spotted. The generation of reports about authentication attempts, especially unsuccessful ones, is a key component to any authentication solution, no matter how many factors it supports. The important thing to always remember though, is that the higher you raise the bar for hackers, the more confidence you can have in your overall security posture.