Attacks on Microsoft user accounts that are capable of bypassing multi-factor authentication (MFA) protections are so rare that the Redmond-based company doesn’t even have stats for them.

“Compared to password attacks, attacks which target non-password authenticators are extremely rare,” said Alex Weinert, Group Program Manager for Identity Security and Protection at Microsoft.

“When we evaluate all the tokens issued with MFA claims, we see that less than 10% of users use MFA per month in our enterprise accounts (and that includes on premises and third party MFA),” Weinert added.