We’ve talked a lot about the importance of changing your password and making sure you choose passwords that aren’t easily guessed. And while you should always beef up your password game, no matter how strong a password is, there’s still potential for attackers to gain access through a phishing scheme or an email interception.
This is where multi-factor authentication can serve as another security control. Multi-Factor Authentication (MFA) is a security system that verifies a user’s identity by requiring multiple credentials. Instead of just asking for a username and password, MFA requires that a user provides two separate types of authentication from these three categories:
- Something you are (fingerprint, facial recognition)
- Something you have (security card, mobile phone, iPad)
- Something you know (your password, passphrase, PIN)
MFA is typically set up to include the “something you know” (i.e. your username and password) with “something you have” (e.g. a one-time passcode from a device you own, such as your mobile phone).
In recent years, multi-factor authentication has become more common for personal use, and many online applications (Apple, Facebook, Instagram, Twitter, Google, and LinkedIn) have adopted MFA processes.
As businesses need to lock down additional programs and applications to protect their data, it’s important they strongly consider adding a multi-factor authentication process to their IT security plan.
1. While antivirus, firewalls, and password management strategies are a component of your overall IT strategy, you still want to make it as difficult as possible for attackers to even log into your systems. They not only take data, but can hijack systems, alter programs or introduce malicious code. If someone had easy access to all your company’s key data, imagine how they could use it to hurt your business and your bottom line.
2. Password theft will continue to accelerate. Cybercriminals are constantly innovating new techniques to steal the keys to your company’s gate. Adding MFA requires that all user identities are verified before they can log into corporate applications.
3. Today, more and more people are working remotely but still need access to their files and company-wide information. Since accessing remote environments does not require someone to be onsite in order to gain access, adding MFA creates a second layer of security to ensure that whoever is accessing the remote resources are really who they claim to be.
With the increase of cyber attacks on businesses, password strength alone cannot be relied on as the only layer of protection. Multi-factor authentication is a proven way to stop 99.9% of automated attacks that would otherwise succeed by using a compromised or easily guessed password.