These days, passwords are no longer being viewed as the most secure way to protect an account. Cyber criminals are advancing at an exponential rate, as are the ways in which they can find out your credentials. By only using a password as an authentication method, the security of an account is based solely on the strength of a password, which, as years of research have proven, is not generally very strong – two-thirds of people use the same password everywhere, and many of the passwords they use are easily guessed.
The combination of more sophisticated cyber criminals and hacking methods with bad password hygiene from employees has resulted in the use of Multi Factor Authentication becoming more commonplace across the business environment to help keep business processes secure. Furthermore, with the rise in remote work due to the coronavirus pandemic, IT departments need to ensure that it is as easy as possible for their staff to safely access applications from anywhere, at any time. According to data gathered from LastPass, around 57% of businesses were using multi factor authentication in 2019, a 12% gain on the stats gathered from the previous year.
Multi Factor Authentication, also known as MFA, is a security protocol for account logins which normally requires a combination of three elements. Each element must be completed correctly for users to be able to gain access to the account or network. These include:
Something you know. This is generally your password. However, it can be anything you are able to remember, such as PINs, combinations or code words.
Something you have. This can vary depending on the platform, your organisation or the network you are accessing and includes all items that are physical objects. For example, smart phones or keys which produce randomly generated codes.
Something you are. This includes any part of the human body that can be offered for verification. For example, fingerprints or facial recognition.
MFA can sometimes be confused with two factor authentication, which requires only the combination of the first two elements: something you know and something you have. If organisations want to have more than three elements for their MFA process, there is sometimes the option to have users confirm where they are (for example, if a login is attempted from an IP address not recognised by the system, access will be denied) and the option to have users do something, such as inputting a particular sequence or pattern.
MFA adds that extra layer to account access, making it far more secure than only relying on a username and password. Here are the top reasons why you need to consider implementing this in the login process for platforms and networks in your organisation.
The purpose of multi factor authentication is that each element compensates for the weaknesses of the others. For example, passwords and PINs can be susceptible to brute-force attacks, a type of cyber-attack in which the hacker uses software that works by trial and error through all possible combinations until it hits yours, whereas something you have, such as a code on your phone, cannot be so easily guessed. This protects your business, as it decreases the chance of a cyber-criminal gaining access to business accounts, and prevents the identity theft of individuals, as a hacker needs not only to guess a password but also to have the mobile phone and any other elements – the more a cyber-criminal needs to have, the harder it becomes.
Cyber-attacks are becoming a daily concern for businesses. It is now a question of ‘when’ and not ‘if’ one will occur – in 2019, more than half of British firms reported a cyber-attack. Securing your applications and networks with MFA is pivotal if you want to improve the cyber security in your organisation and help prevent an attack.
Passwords have always been the default security measure. However, they are simply not secure – in 2017, 80% of data breaches were the result of passwords being either too weak or easily stolen. Strong passwords are hard to come by these days, with most individuals opting to use ones that are easy to remember and, therefore, easy to crack. You can find out the 2019 list of the most commonly used passwords here – some of them may surprise you!
While you may think that having multiple authentication methods would make the login process more complex, this is not the case. MFA is a simple and inexpensive security measure which gives organisations access to more advanced login options such as ‘single sign-on’. With single sign-on users are validated through MFA in the login process, meaning that once the user is authenticated, they are logged into the single sign-on software. From this, they have access to all apps that are covered on the software without having to provide authentication elements for each app separately.
Remote access has been great for allowing employees to work from home throughout the coronavirus pandemic. Unfortunately, this shift has also created a rise in cyber-attacks on remote workers who do not have sufficient security measures in place; in a recent survey looking into the effects COVID-19 had on the security of remote working, 91% of executives stated that working from home led to a rise in attacks. What’s more – the survey found little confidence among respondents that the rollout to remote working had been done securely! MFA is one of the best ways to grant remote access while also fighting against cyber criminals and attacks on remote workers.
Companies in industries that deal with sensitive data, such as personally identifiable information or financial details, often must implement MFA in order to meet compliance standards. Even if the business activities of your organisation do not specifically require MFA, it is normally the best step to take to protect your business.
At the very least, we should all have a strong password and MFA turned on for both our personal and business emails. If a hacker gains access to your email, they can gain access to all your accounts as all they need to do is select ‘forgot password’! However, in a world where cyber-attacks are more prevalent than ever, it pays for organisations to have MFA implemented on all online logins and platforms.
The good news is that, for most platforms, this can be done easily, as it is as simple as getting your employees to turn the service on. All employees need to do is head to settings, then to the security section – from there, each platform will walk them through the process of setting it up.
There are also a number of tools available that will make MFA a possibility on those platforms that do not offer it. Free services include Google Authenticator which will enable 2FA, but if you require something more complex, you may want to consider platforms that are available for purchase such as Myki and LastPass.
Data breaches and cyber-attacks are real threats that need to be taken seriously. Fortunately, organisations are beginning to realise this and are implementing MFA to address their concerns. MFA will not only improve your security and help protect your business and employees, but it also simplifies login processes, secures remote access and helps you stay compliant no matter what industry you are in.