Multi-factor authentication (MFA) is becoming commonplace within modern workplaces. With a significant rise in the volume and variation of cyber-threats over the past decade or so, and plenty of high-profile security scandals more recently, it’s clear that cybersecurity must be everyone’s top priority.
You’ve no doubt heard about two-factor authentication (2FA) – where a password is used, perhaps followed by a verification code received by SMS. This is common for logging into portals like online banking or Microsoft Teams.
But what’s different about multi-factor authentication? And what are the advantages of implementing this security measure into your organisation?
MFA typically involves three to five ways of verifying that the user is who they say they are. These five factors are:
1. Something you know
This is usually your password.
2. Something you have
This can vary depending on your organisation or the network that you’re trying to access. Examples of things you have include physical one-time PIN tokens, a chip or app which either accepts or denies your login, or a USB key or smartcard which plugs into your PC to verify your login.
3. Something you are
For this we’re talking biometrics. A fingerprint, handprint, footprint, your iris, facial recognition or voice recognition can all be used for this step.
4. Where you are
MFA works with static IP addresses (a PC within your office) as opposed to dynamic ones (a phone or portable device). So, if you’re in the wrong location and trying to log in from an IP address not recognised by the system, your access will be denied. Where you are can also be based on a MAC address, a unique identifier for each device connected to the network.
5. Something you do
This usually involves inputting a particular sequence or pattern. For example, Android users can make up a swipe sequence to use as a password.
Each step must be completed correctly to gain access to the network.
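An added example (not from the original article) that checks three of the factors above in one login decision: a password hash, an RFC 6238 one-time code as generated by authenticator apps, and a source-network allowlist. The function names, the account record and all its values are constructed for illustration.

```python
import base64, hashlib, hmac, ipaddress, struct

def totp(secret_b32, at, step=30, digits=6):
    """RFC 6238 one-time code (HMAC-SHA1), as generated by authenticator apps."""
    key = base64.b32decode(secret_b32, casefold=True)
    mac = hmac.new(key, struct.pack(">Q", int(at // step)), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def hash_password(password, salt):
    # Slow salted hash so a leaked credential store is costly to crack
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def check_login(user, password, otp, source_ip, now):
    """Return the factors that failed; an empty list means access is granted."""
    failed = []
    # Something you know
    if not hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"]):
        failed.append("password")
    # Something you have: accept the current 30 s step and one either side for clock drift
    valid = [totp(user["totp_secret"], now + d * 30) for d in (-1, 0, 1)]
    if not any(hmac.compare_digest(otp.encode(), v.encode()) for v in valid):
        failed.append("otp")
    # Where you are: source address must fall inside an approved network
    addr = ipaddress.ip_address(source_ip)
    if not any(addr in ipaddress.ip_network(n) for n in user["allowed_networks"]):
        failed.append("location")
    # Every factor is evaluated; log the list, show the user only a generic denial
    return failed

# Constructed sample account, not real credentials
SALT = b"constructed-salt"
USER = {
    "salt": SALT,
    "pw_hash": hash_password("correct horse battery staple", SALT),
    "totp_secret": "JBSWY3DPEHPK3PXP",
    "allowed_networks": ["203.0.113.0/24"],
}

if __name__ == "__main__":
    now = 1_700_000_000
    code = totp(USER["totp_secret"], now)
    print(check_login(USER, "correct horse battery staple", code, "203.0.113.10", now))
    print(check_login(USER, "correct horse battery staple", "12345", "198.51.100.7", now))
```

Replay tracking of already-used codes and attempt rate-limiting sit outside this check and are not shown.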
MFA is more secure than your typical username and password scenario. In the modern cybercrime landscape, username and password lists are leaked more regularly than anyone would like to admit, meaning that MFA is an effective way to bolster the security of your login processes.
How? Well, for attacks such as brute-force attempts, MFA is highly inconvenient. The attacker may have a full list of usernames and passwords for your organisation, but geolocations, your token or one-time passcode are hard to mimic and biometrics are incredibly hard to fake. The MFA-protected network becomes too much work, and the threat actor goes on to find a less secure system. (Make sure you are not that less secure system.)
MFA can also help with achieving compliance such as PCI DSS.
According to our security experts, you need some form of MFA on every externally facing application like web portals or online logins. And although it may sound like an advanced form of security, MFA is pretty easy to implement within your organisation.
Firstly, decide how many factors of authentication you want to use. Three, four, five? This is totally dependent on your security needs, your industry and your individual business.
Then choose a platform or tool which can make MFA a possibility. There are free services out there such as Google Authenticator (enables 2FA) and platforms available for purchase including Duo Security, LastPass and RSA SecurID Access.
Finally, make sure the system is fully enforced across your network to leave no weak links.
In short, the age of simple username and password combos is over. MFA, or at least 2FA, is fast becoming the norm as organisations become more cyber-conscious about the security of data. If you’re not already implementing MFA within your organisation, don’t wait until your network is breached!