Phishing remains one of the most prevalent and damaging cyber threats globally, exploiting human vulnerabilities and bypassing weak authentication systems. While many organizations rely on basic password authentication, the rapid evolution of phishing techniques has exposed the inadequacy of single-factor authentication in modern cybersecurity environments. This study investigates the effectiveness of multi-factor authentication (MFA) as a countermeasure against phishing attacks by conducting an experimental evaluation involving 100 participants divided into MFA-protected and non-protected groups. Three MFA methods, SMS-based one-time passwords (OTP), time-based authenticator applications (TOTP), and biometric verification, were tested against various phishing attack scenarios, including classic phishing, adversary-in-the-middle (AiTM), credential reuse, SIM-swap, push fatigue, and contextual attacks. Results show that biometric authentication provides the highest resistance to phishing, with an average attack-success rate of only 3–5%, while TOTP demonstrates moderate resilience. SMS-OTP exhibited significant weaknesses, particularly in AiTM and SIM-swap attacks. Participants without MFA experienced the highest compromise rate, exceeding 60% across all attack types. The study significantly contributes to cybersecurity research by empirically demonstrating the comparative strengths of MFA mechanisms in real-world phishing environments. The findings provide actionable recommendations for organizations seeking to strengthen authentication systems and reduce phishing vulnerabilities through robust MFA adoption and improved user awareness.
Published in: Nature Journal of Emerging Sciences Technologies and Innovations
Volume 6, Issue 3, pp. 304-314
DOI: 10.65752/hstxa249