Multi Factor Authentication (MFA)
We encounter more online traps than ever before, where the sole objective is to steal legitimate passwords to access systems with more valuable information.
At the same time, ever-stricter password rules are driving people to fall back on a small set of simple passwords that they can remember.
In the end, we have a perfect storm brewing where one employee slip creates a costly breach for your company.
You may have the best remote access and firewall on the market, and dozens of remote users; however, all it takes is:
- 1 user with a simple password that gets hacked
- 1 user with a keylogger Trojan on their computer
- 1 user falling for a phishing attack
About 81% of all breaches in 2016/17 leveraged stolen or weak passwords.
Here are the top 10 easy ways for your staff to lose a password:
- Share your password
- Store it on your computer
- Write it down
- Use it on a shared computer
- Use it on public Wi-Fi networks
- Choose an easy password
- Fall for phishing attacks
- Use the same password on multiple sites
- Fall for a social engineering attack (bogus phone calls)
- Click on weblinks to sites that install malware
How can we make passwords more secure but still easy to remember?
The answer: Multi Factor Authentication
Multifactor authentication (MFA) is a security system that requires more than one form of authentication to verify the legitimacy of a transaction.
MFA combines two or more independent credentials:
- what the user knows (password)
- what the user has (security token)
- what the user is (biometric verification)
It is growing very fast in the business world since it not only protects users’ credentials but also ensures passwords are being used by the true owner.
For MFA to be successful, however, the user experience is critical, and companies must balance user convenience and security.
There are several authentication factors to choose from, and the company implementing the MFA solution can decide which factors to use and which to leave out.
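The "two or more independent credentials" rule above, shown as an added example that is not part of the original article: a login check that accepts an attempt only when the verified factors come from at least two different categories, so a password plus a PIN (both "knows") is still rejected. As assumptions, a TOTP code (RFC 6238) stands in for the security token, and the PIN factor, the account record and all function names are hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 30  # TOTP time step in seconds (RFC 6238 default)

def totp(secret: bytes, at: int, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1 for Unix time `at`."""
    mac = hmac.new(secret, struct.pack(">Q", at // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def kdf(value: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", value.encode(), salt, 100_000)

def verify_knowledge(stored, value, now):  # `now` unused; same signature as below
    salt, digest = stored
    return hmac.compare_digest(kdf(value, salt), digest)

def verify_totp(secret, value, now):  # accept +/- one step of clock drift
    return any(hmac.compare_digest(totp(secret, now + d * STEP).encode(), value.encode())
               for d in (-1, 0, 1))

# Factor kind -> (category from the article's list, verifier).
FACTORS = {
    "password": ("knows", verify_knowledge),
    "pin": ("knows", verify_knowledge),   # hypothetical second knowledge factor
    "totp": ("has", verify_totp),         # assumption: token implemented as TOTP
}

def authenticate(user: dict, presented: dict, now: int) -> bool:
    """Grant access only if verified factors span at least two categories."""
    categories = set()
    for kind, value in presented.items():
        if kind not in FACTORS or kind not in user:
            return False
        category, verify = FACTORS[kind]
        if not verify(user[kind], value, now):
            return False  # any wrong factor fails the whole attempt
        categories.add(category)
    return len(categories) >= 2

SALT = b"constructed-salt"  # constructed sample account; all values are made up
USER = {
    "password": (SALT, kdf("correct horse", SALT)),
    "pin": (SALT, kdf("4821", SALT)),
    "totp": b"12345678901234567890",  # secret used in the RFC 6238 test vectors
}
```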
5 Best Practices of MFA
MFA has become an essential security tool for data protection. Here are the recommended best practices:
- Implement MFA everywhere – Partially deploying it in your company does very little good in protecting important applications and data.
- Use adaptive MFA – This will make for a better user experience and security.
- Provide a choice of MFA methods – By giving users several options to choose from, the user experience will be more positive.
- Combine MFA with SSO and least privilege access – By combining multiple levels of security, the risk of compromised data is even lower.
- Continuously re-evaluate MFA – Verify that the deployment continues to meet the needs of the company and its users. Make changes as necessary.