What is multi-factor authentication?
Multi-factor authentication (MFA) is an electronic method of authentication in which a person is given access to a tool only after showing two or more verification mechanisms. For example, imagine the steps you take to protect your house from intruders. The first step is to lock the door to prevent anyone unwanted from entering. To be extra secure, you might take an additional step to lock the door handle AND the dead bolt. In this example, the door lock is your password and MFA is the dead bolt. In most cases the door lock alone will work fine, but if an intruder really wants to get in, the dead bolt may be the most important line of defense in keeping your home safe. MFA is the necessary line of defense protecting companies from cyber-attacks.
Most companies today have password security policies with several requirements. When creating or resetting a password, for example, there’s typically a required minimum character count, a required combination of upper- and lower-case letters, numbers, and special characters. And passwords should never be shared or written down – no sticky notes left on the desk! But even with all the right password measures in place, there’s still the possibility of compromise. That’s where the importance of MFA comes in.
As technology and best practices for password security grow and advance, so do cybercriminals’ methods of stealing those passwords. By enabling MFA, you’re adding another layer of security to keep your accounts safe even if a cybercriminal somehow manages to get your password.
Related: 6 Ways to Protect Yourself from Cyber Attacks
How does multi-factor authentication work?
There are a variety of ways to authenticate someone other than a password. For example, in addition to a password, MFA might ask you to enter a code that was sent to your email or answer a secret question that only you know the answer to. One of the most common ways MFA works is by securing the user’s account with a digitally produced 6-digit code that resets every 30 seconds. After entering the initial password, the user is then prompted for the MFA code. This is often stored in a secure app like Okta or Cisco Duo on a smart phone but can also come as a text message or phone call with an automated message providing the code. The method used is set by the user and depends on the MFA options each service provides.
Once provided, the 6-digit code is needed to complete login. The code expires and is regenerated every 30 seconds. This makes it nearly impossible for a cybercriminal to guess or hack. Because the authentication cadence is set with a phone number or MFA mobile app, the cybercriminal would need to first get the user’s password, and, when prompted to pass multi-factor authentication, the criminal would have to physically have the user’s phone in their possession to get the MFA code. This second line of defense makes a big difference and will often halt cybercriminals in their tracks.
Best practices for setting up multi-factor authentication
Businesses of any size should implement multi-factor authentication as part of their standard workplace policies no matter what– and there are things you can do to make MFA work most effectively.
1. Fine-tune user accessibility
Putting standards in place to ensure employees have access to ONLY the tools and applications they need to conduct business will make the environment more secure.
2. Regulated rules for passwords
In addition to having certain requirements for passwords, like character count, the use of numbers and special characters, etc., a best practice is to have employees change their passwords regularly – at least every six or 12 months. There are ways to automate the password update process by denying users’ access if a password hasn’t been changed by a predetermined length of time.
3. Less privilege for new team members
New employees should have the bare minimum access they need to be successful in their role. As an individual continues to work for a company, their privileges can gradually expand.
What is an example of multi-factor authentication working successfully?
As we all know, the past few years has dramatically changed the way people work. More people now work remotely or in a hybrid role and are accessing work resources from their home network. This may not be as secure as the network at your office, and MFA serves to protect your company’s data and business in this situation.
Additionally, many email clients offer a web-based version of their application so users can access their inbox more freely. This means a user can log in to their company email account from a public machine and web browser, risking the possibility of forgetting to properly log out or remove information and leaving an easy “in” for a cybercriminal. In a situation like this, the cybercriminal may be able to login using a mistakenly stored password, but with MFA – tied to the user’s device – the criminal would not be able to complete a successful login. If your email service provides online email access, MFA should be considered non-negotiable.
Related: The Technical Guide to Combatting Business Email Compromise
In conclusion: Implement multi-factor authentication
Yes, multi-factor authentication adds another step that may feel cumbersome – but it’s nothing compared to the pain of having your business’s data compromised and the legal and financial implications that come as a result. Security, ultimately, isn’t about convenience; it’s about protecting your data. Even if a company does not have remote employees or web-based email access, MFA is still recommended for a secure environment. Think of MFA not as an additional step, but as an added layer of protection for your business’s data and workflow.
Collabrance helps managed services providers deliver the security solutions their SMB customers need. Click the link below to download our free MFA infographic to share with your prospects and customers, and visit our managed security resources page to learn more.
