"Only 11% of enterprise users make use of those tools (Speaking of MFA). That means a staggering 89% of accounts remain open to fairly simple attacks." Forbes
Why is Multi-factor Authentication (MFA) Important?
To understand multi-factor authentication, we can start by understanding what is ‘authentication’. When you go to log in to an account or device, for security purposes, there are some forms of proof that you have the authorization to be granted the access that you’re requesting.
The simplest form of authentication is the use of login credentials, such as a User Name and Password.
Unfortunately, many services or online accounts use an email address as the Username, to make it easier for them to manage multiple logins and provide high-quality support and customer success services.
This makes half of the log-in credentials for your company easy to guess. Using a tool like hunter.io, company addresses are easily discovered, or at least the structure of your email addresses is easy to discern, getting hackers and bad actors halfway into your systems.
While we would all like every employee to use the best password management techniques, unfortunately, this is a challenge in virtually every business and using some well-known techniques, passwords can be guessed or cracked.
That Means We All Should be Using Multi-factor Authentication
Multi-factor authentication is a methodology whereby someone is granted access to a computer, device, or application only after providing two or more pieces of evidence (the ‘factors’) that verify who they are.
Typical Forms of Multi-factor Authentication Are:
Something that only you would likely know, such as your mother’s maiden name or the brand of your first car.
While this is an additional barrier, oftentimes these are discoverable given some effort or access to another of your accounts like your credit history.
Don’t take social media quizzes! This is one method of extracting information along these lines. Also, don’t use easily discoverable factors like your birthday.
Something that only you would have, like a USB drive or a key, or at an ATM, your debit card. This also relates to texting another device, such as a one-time SMS code to your mobile phone, the assumption being that you only would be in possession of it.
Oftentimes you will be sent a one-time password to regain access to your account or to change your password.
Is an advanced form of multi-factor authentication and, other than in Mission Impossible movies, very hard to beat.
Why Multi-factor Authentication is More Important Than Ever
Phishing attacks using COVID-19 as a lure are the most noticeable and immediate cybersecurity risk during this pandemic. Attackers are utilizing Credential Phishing, where they put up a fake login page to trick individuals/staff into entering their credentials.
Multi-factor authentication is a great form of defense against this as an added security measure that prompts a user for an additional form of identification upon sign in such as a 4-6 digit code sent via text.
If you only use a password to authenticate a user, it opens a vulnerability for a potential attack or breach. Many use the same password for multiple accounts and if your password is weak, or exposed on the dark web, it opens the door for an attacker to gain access to your account and sensitive information.
Enable MFA Now, the More Applications the Better
Here are some areas to get started:
Email: Office 365, Google G Suite
Cloud-based storage solutions; Dropbox, OneDrive, Google Drive, etc.
Banking and Financial Services
Social Media for your business and personal
Teknologize is a SOC 2 certified, Professional Technology Services company with clients throughout the Pacific Northwest. We have offices located in:
- Tri-Cities, Washington 509.396.6640
- Yakima, Washington 509.396.6640
- Bend, Oregon 541.848.6072
Questions about your IT or Cybersecurity? Give us a call today!