We’ve talked a lot about the importance of changing your password and making sure you choose passwords that aren’t easily guessed. But while you should always beef up your password game, no matter how strong a password is, there’s still potential for attackers to gain access through a phishing scheme or an email interception.
This is where multi-factor authentication can serve as another security control. Multi-Factor Authentication (MFA) is an added security factor that verifies a user’s identity by requiring multiple steps to authenticate login credentials. Instead of just asking for a username and password, MFA requires that a user provides an additional step of authentication from these three categories:
- Something you are (fingerprint, facial recognition)
- Something you have (security card, mobile phone, iPad)
- Something you know (your password, passphrase, PIN)
MFA is typically set up to include the “something you know” (i.e. your username and password) with “something you have” (e.g. a one-time passcode from a device you own, such as your mobile phone).
In recent years, multi-factor authentication has become more common for personal use, and many online applications (Apple, Facebook, Instagram, Twitter, Google, and LinkedIn) have adopted MFA processes. As businesses face the need to lock down additional programs and applications to protect their data, it’s important to consider enforcing multi-factor authentication as part of an IT security plan.
Why deploy & enforce MFA:
- Layered Security Protections. While anti-virus, firewalls, and password management strategies are a component of your overall IT strategy, you still want to make it as difficult as possible for attackers to log into your systems if they happen to steal or crack credentials. They can not only access data, but can hijack systems, alter programs, or introduce malicious code. If someone had easy access to all your company’s key data, imagine how they could use it to hurt your business and your bottom line.
- Password theft will continue to accelerate. Cybercriminals are constantly innovating new techniques to steal the keys to your company’s gate. Adding MFA requires that all user identities are verified before they can log into corporate applications.
- Remote work and remote systems access are here to stay. More users are working remotely, still needing access to their company files and systems. Adding MFA creates a second layer of security to ensure that whoever is accessing remote resources is exactly who they claim to be.
With the increase of cyberattacks on businesses using stolen credentials and phishing tactics, password strength alone cannot be relied on as the only layer of protection. Multi-factor authentication is a proven way to stop 99.9% of automated attacks that would otherwise succeed by using a compromised or easily guessed password.
