It should come as no surprise that eight in 10 hacking-related breaches are due to weak/stolen passwords.
Let’s be frank: changing passwords and following stringent password policies is a hassle, which is why so many people set one ‘strong’ password and then reuse it across multiple accounts. Even then, a password shorter than 9 characters is still susceptible to a brute force attack, even if it mixes caps, special symbols and numbers!
While strong passwords are important, there is another, very effective way to secure your accounts and systems - multi-factor authentication (MFA).
So, what is MFA, and why is it so important? In a nutshell, MFA is a security measure that requires users to provide two or more forms of authentication to access an account or application. This typically combines something the user knows, such as a password or PIN, with something they have, such as a security token or a one-time code, or something they are, such as a fingerprint.
MFA provides an extra layer of security beyond traditional password-based authentication, making it more difficult for attackers to gain unauthorized access.
There are three primary types of MFA:
- Knowledge-based authentication (KBA): This type of authentication requires users to provide something they know, such as a password, PIN, or answers to security questions. KBA is the most commonly used form of authentication but is also the least secure, as passwords can be easily stolen or guessed.
- Possession-based authentication: This type of authentication requires users to provide something they have, such as a security token, smart card, or mobile device. Possession-based authentication is more secure than KBA, as attackers would need physical access to the user's device to gain access.
- Biometric (or inherence) authentication: This type of authentication requires users to provide something they are, such as a fingerprint, facial recognition, or iris scan. Biometric authentication is the most secure form of authentication, as biometric data is unique to each individual and cannot be easily replicated.
How does MFA work?
MFA works by requiring users to provide two or more factors of authentication before granting access to an account or application. The authentication factors can be any combination of the three types of authentication mentioned above (knowledge-based, possession-based, and biometric).
When a user attempts to access an account or application, they will be prompted to provide their authentication factors. For example, they may be asked to enter their password (knowledge-based factor) and then provide a code sent to their mobile device (possession-based factor), which in turn is protected by a biometric feature (fingerprint).
Once the user provides the required authentication factors, the system will verify their identity and grant access if the authentication factors are correct. If any of the factors are incorrect or if the system detects suspicious activity, access will be denied, and the user will be prompted to provide additional verification.
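The following Python is an added example, not code from the original article or from BMIT, and sketches the flow described above: the knowledge factor (a password) is checked first, then the possession factor (a one-time code). It uses a time-based one-time password (TOTP, RFC 6238) as generated by an authenticator app rather than a code sent by SMS, which is a design choice of this example. The user record, salt and password are constructed for the demo; the TOTP secret is the RFC 6238 reference secret, so the codes can be checked against the published test vectors. It also handles two failure modes the article only hints at: a code that is reused after it has already been accepted is rejected (replay), and a correct password with a wrong or missing code is denied, which is exactly the phishing scenario where only the password was captured.

```python
import hashlib
import hmac
import struct
import time
from typing import Optional, Tuple

# Constructed demo credential store (assumption: one user, in memory).
# A real deployment keeps the password hash, salt and TOTP secret in a
# credential store; they are inline here so the example runs offline.
TOTP_SECRET = b"12345678901234567890"   # RFC 6238 reference-vector secret
SALT = b"constructed-demo-salt"          # per-user random salt in practice
PBKDF2_ITERATIONS = 100_000
USERS = {
    "alice": {
        "pw_hash": hashlib.pbkdf2_hmac("sha256", b"correct horse battery staple",
                                       SALT, PBKDF2_ITERATIONS),
        "totp_secret": TOTP_SECRET,
        "last_counter": -1,   # highest TOTP time step already accepted (replay guard)
    }
}


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then
    dynamic truncation to a zero-padded decimal code."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP over the current 30-second time step."""
    return hotp(secret, now // step, digits)


def check_password(user: dict, password: str) -> bool:
    """Knowledge factor: constant-time comparison of the PBKDF2 hash."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, user["pw_hash"])


def check_totp(user: dict, code: str, now: int, step: int = 30, window: int = 1) -> bool:
    """Possession factor: accept the code for the current step or +/- `window`
    steps (clock drift), but never for a step at or below the last accepted
    one, so an intercepted code cannot be replayed."""
    current = now // step
    for counter in range(current - window, current + window + 1):
        if counter <= user["last_counter"]:
            continue
        if hmac.compare_digest(hotp(user["totp_secret"], counter), code):
            user["last_counter"] = counter
            return True
    return False


def login(username: str, password: str, code: str,
          now: Optional[int] = None) -> Tuple[bool, str]:
    """Two-factor login. Returns (granted, reason). The reason is for the audit
    log only; the message shown to the user should be a generic 'login failed'
    so an attacker cannot tell which factor was wrong."""
    now = int(time.time()) if now is None else now
    user = USERS.get(username)
    if user is None:
        # Spend the same PBKDF2 cost for unknown users so response time does
        # not reveal whether an account exists.
        hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, PBKDF2_ITERATIONS)
        return False, "unknown_user"
    if not check_password(user, password):
        return False, "bad_password"
    if not check_totp(user, code, now):
        return False, "bad_or_replayed_otp"
    return True, "granted"


if __name__ == "__main__":
    t = 59  # fixed clock so the demo is reproducible
    print(login("alice", "correct horse battery staple", totp(TOTP_SECRET, t), t))
    # Stolen password, no valid code: the phishing case is denied.
    print(login("alice", "correct horse battery staple", "000000", t))
```

The window of one step either side tolerates a little clock drift between server and phone; the `last_counter` check is what turns "a code is valid for 30 seconds" into "a code is valid once", which matters when the code was phished or shoulder-surfed in that window.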
What is the most secure authentication?
In general, multi-factor authentication (MFA) is one of the most secure authentication methods available. However, ‘secure’ is often subjective and a method is only suitable if it meets a specific risk profile. In some cases, passwordless authentication (for example, biometric + hardware token) or risk-based authentication (for example, access decisions based on device, location or behaviour) can be a more suitable option.
Why should your business use MFA?
Multi-factor authentication has been around for decades, but that does not mean everyone is using it. According to the Cyber Readiness Institute, 55% of small and medium-sized businesses are not ‘very aware’ of MFA and its security benefits, and 54% do not use it for their business. For a proven technology that can stop attacks outright, this is surprising.
Here are three reasons why MFA is crucial for your company's security:
Passwords are not enough
I mentioned this above, but it merits repeating: passwords are not enough to protect your company's data. Passwords can be easily stolen, guessed, or cracked by cybercriminals. MFA gives you a much needed extra layer of protection.
Protect against phishing attacks
Phishing is a very common tactic used by cybercriminals to steal login credentials and gain access to company data. MFA can help protect your company against these attacks by requiring a second form of authentication, even if the user's password has been compromised. For example, if an employee falls for a phishing email and enters their password on a fake login page, MFA will prevent the hacker from accessing the account without the additional authentication factor.
Meet compliance requirements
Many industries have compliance requirements that mandate the use of MFA. For example, the Payment Card Industry Data Security Standard (PCI DSS) requires multi-factor authentication for any system that stores or processes payment card data. Additionally, MFA is becoming more common in other industries as a best practice to protect sensitive data from cyber threats.
It is NOT difficult to implement
Implementing MFA in your company can seem daunting, but it doesn't have to be. Many applications and services offer built-in MFA features, making it easy to enable for your employees. Most email services offer MFA as a security option, and it’s free! Additionally, there are third-party MFA providers that can help you implement and manage MFA across your company's systems.
So, if you haven't already, it's time to start implementing MFA across your company's systems.
Choose a trusted partner
If you want to improve security and protect the weakest link in your business, BMIT can provide various solutions and services to boost your security posture. Talk to one of our technology advisors today to learn more about MFA and your overall security needs!