The effectiveness of 2FA – or: Why we need to do this
Strengthening digital security together
2025/10/20
Cyberattacks against universities and research institutions are increasing significantly. Two-Factor Authentication (2FA) reliably protects against unauthorised access and is a key component of IT security at TU Darmstadt.
Cyberattacks on German companies, public institutions and universities are on the rise – and according to recent analyses, Germany has now become the main target for cyberattacks within the EU.
An article by “Der Spiegel” (October 2025), citing the EU Agency for Cybersecurity (ENISA), reports that Two-Factor Authentication (2FA/MFA) prevents 99.9 % of all unauthorised access attempts.
In other words: only 0.1 % of attacks succeed despite multi-factor protection (MFA). This excellent protective effect has been proven by numerous studies and scientific investigations. Details can be found below in the section ‘What do other studies and statistics say?’.
Protect your TU ID – activate 2FA now!
Every activation helps strengthen the digital security of our entire university. Security is a shared responsibility.
Universities and research institutions are attractive targets for cybercriminals – from data theft to ransomware.
A single compromised account (an account that has been taken over by attackers) can cause significant damage, putting research data, teaching materials or personal information at risk.
By introducing mandatory 2FA, we protect:
- our accounts and systems,
- our data and research results,
- and, not least, the digital security of the entire university.
Security measures such as 2FA are not merely technical requirements – they reflect our collective responsibility. Each individual activation strengthens the university’s resilience against cyberattacks.
We therefore ask all staff members: Please activate 2FA for your TU-ID if you have not yet done so.
It only takes a few minutes – and protects you from 99.9 % of unauthorised access attempts.
Further information and activation instructions are available on our website configure 2FA.
Beyond the university context, numerous studies and security analyses confirm the strong effectiveness of Multi-Factor Authentication (MFA).
They show that MFA is one of the most effective tools to prevent unauthorised account access – across all industries and organisation types.
Microsoft & academic research
- According to Microsoft, 99.9 % of compromised accounts had no MFA enabled – clear evidence of its protective effect.
- A study by Microsoft Research and the University of Illinois (Meyer et al., 2023) found that MFA reduces account takeover risks by more than 99 %, often to nearly zero.
Sources:
Microsoft Security Blog, “One simple action you can take to prevent 99.9 percent of account attacks”, 2019 (opens in new tab)
Der Spiegel, „Deutschland ist Hauptziel von Cyberangriffen in der EU“, Oktober 2025 (opens in new tab)
Meyer et al., Microsoft Research / University of Illinois, “How Effective is Multi-Factor Authentication?”, 2023 (opens in new tab)
Google Security Research
Google’s research also highlights the protective impact of MFA:
- MFA blocks 100 % of automated bot attacks,
- around 96 % of bulk phishing attempts,
- and 76 % of targeted (spear-phishing) attacks.
Zippia / “17 Essential Multi-Factor Authentication Statistics”
The platform Zippia collects industry-wide statistics on MFA usage and effectiveness. Among the most important findings:
- MFA prevents 99.9 % of modern automated cyberattacks, stops 96 % of bulk phishing and 76 % of targeted attacks,
- 81 % of data breaches result from weak or stolen passwords,
- Notably, many organisations still do not use MFA consistently – especially smaller companies: only 13 % of employees in SMEs are required to use MFA, in large companies (with 10,000 + employees) this share is significantly higher.
Source:
Zippia, “17 Essential Multi-Factor Authentication Statistics”, 2025 (opens in new tab)
