The government is doing it.
Major healthcare centers are doing it.
Private businesses are doing it.
Everyone should be doing it, in fact. That is, implementing multi-factor authentication (MFA).
MFA means that a user must provide two or more factors of authentication such as two passwords or a password as well as biometrics in order to be allowed into an application, network or platform. MFA is an important security process that is relatively easy to implement, and it’s just the tip of the iceberg.
Fact is, cybercrime is on the rise and 2018 is shaping up to be one of the worst years for data breaches, according to Dark Reading. In fact, 2018 has the third-highest number of records exposed overall since 2005, according to a recent report from Risk Based Security, which notes an increase in severity with this shocking statistic: “…seven of the breaches this year exposed 100 million or more records.”
As cybercriminals become more adept at breaking into networks and applications, one of the sure-fire ways to protect mission-critical data is to have multiple forms of sign-in options. Having only one password is almost an invitation to hackers – as they can usually figure out the passcode with a few simple key-strokes and password detection software.
Experts say that password theft is constantly evolving as hackers employ methods like keylogging, phishing, and pharming to break into networks and applications. TechBeacon shares, “Bad actors will always hunt for the weakest link and once the link is compromised, they move unnoticed in pursuit of higher target assets.” Those assets are usually banking records, account information, social security numbers and more.
According to the Washington Post, MFA can reduce the risk of phishing and other attacks because authentication into systems is not dependent on a single password. For instance, the federal government recently instituted two-factor verification which requires a user to input both a password and a special code generated by a verified device in the possession of an authorized user. This means even if a password is compromised, a hacker would still need to steal a government worker’s physical device.
You may also have heard of MFA being referred to as two-factor authentication. Many use the term interchangeably but there are slight differences. While two-factor requires a user to supply two forms of things you know as well as something you have – like a password and your mobile phone for instance, MFA require more steps such as something you know, something you have, and something that is unique to your physical being — such as your retina or fingerprint.
Both two-form and MFA are effective security measures organizations can use in conjunction with next-generation firewalls and anti-virus security software to protect against malicious actors.
Setting up MFA is relatively easy and there are a number of resources to help. Depending on what applications and platforms you use, there are MFA instructions that will offer the necessary resources for IT and even non-IT personnel to add in that extra layer of sign-in protection. For instance, Microsoft has step by step measures to adding MFA to Office 365, Azure and other platforms.
Additional Resources for adding MFA:
- Adding MFA to WatchGuard solutions
- Adding Authentication to Google
- Adding Two-Step Verification to Sharefile
Multifactor authentication is increasingly considered as essential as a firewall.
The need for affordable, easy to use multi-factor authentication (MFA) is one of 2018’s most critical challenges. Join Diamond IT and WatchGuard for a special webinar on why traditional Two-Factor isn’t cutting it. More information is coming soon!