No matter how strong and secure your password, it is not enough by itself to secure important online accounts. Passwords can be stolen through phishing attacks, discovered by social engineering, or otherwise compromised in many different ways. That’s why Multi-Factor Authentication (MFA) is important.
What is MFA?
MFA – also known as two-factor authentication (2FA), or two-step verification – is an extra layer of security which works by asking users for an extra piece of information (or factor) before allowing them access to their account. There is a range of options for the extra ‘piece of information’ that services ask users for, from answering pre-set security questions and providing an access code from an app on their smartphone to using a hardware security key.
Multi-factor authentication is built into most modern cloud services – including file storage, email, social media, collaboration tools, and financial services – and should form a part of your cyber security plan.
Why you need MFA
Criminals have become very good at stealing passwords, and have a long list of tools at their disposal to help them do just that. Using a separate, strong and secure password for each of the services you and your team access will protect against some types of attack, but not all. Not to mention that users now have so many accounts that it is impossible for them to use different passwords for everything without some kind of help – and even the best password managers are still protected by, you guessed it, a password.
Using MFA brings a lot of extra security with relatively little pain for users and, usually, with no expense for your company or organisation (Google, Microsoft and others provide MFA applications for free).
Which ‘factor’ is best?
There are many different MFA systems, with different applications asking for any of the following:
– a code generated by a smartphone app
– secret passwords sent by email to a registered address
– a time-specific password the user receives through their mobile phone number.
All have their advantages and drawbacks, and which you use will depend on the service you are securing and the needs of your users. However, it is wise to avoid any that rely on security questions or extra passwords that users can remember – since these are really no different from any other password.
Let’s work it out
Correctly configuring MFA, and cyber security in general, can be complex and worrying. If you feel in need of a helping hand to secure your organisation’s data, contact our computer support professionals today.