Multi-Factor Authentication
When we think about secure authentication, we often think about a username with a strong password. Although strong passwords are important, they are often not enough to secure access to computer systems, networks and the Internet. For this we need MFA, which is short for Multi-Factor Authentication.
What is MFA?
Multi-Factor Authentication (MFA) means that you have other factors in addition to your password that make authentication more secure and reduce the risk that a password by itself can be compromised. A password used together with a username is considered a single factor of authentication and can be characterized as something you know. The two other factors are something you have, and something you are. So, if you are trying to access a resource securely, such as a computer, a website, or another device, it is no longer sufficient to have a single factor. If we combine a password (something you know) with a secure token, either an app on your phone or a physical token you carry with you (something you have), then we have secure authentication of two factors, or 2FA. If you then add a factor that is characterized as something you are, such as your fingerprint, facial recognition, or even an iris scan, then we have the strongest combination of secure authentication, or 3FA. Although 3FA is the most secure, it is often very costly and complicated to set up, and to balance security against ease of use. 2FA itself provides the higher level of security that we need nowadays, while striking a nice balance between security and ease of use.
Here’s a great resource on MFA from NIST
Why do we need MFA?
Cyberattacks are at an all-time high and are getting more and more sophisticated. The risks of data breaches, malware attacks and data theft are becoming more costly and damaging to individuals and businesses all the time. A very strong password cannot realistically be cracked using computer software, but cyber attackers use a different tactic: they trick you into providing the password to them through social engineering tactics like phishing. MFA effectively puts a stop to this. Unless the attackers have your token, or your fingerprint, along with your password, they are put out of business.
More and more services on the web are beginning to require 2FA to better secure systems and data from cyberattacks. You may have been prompted to provide your phone number to an online service. When you attempt to log in, the system sends you a code in a text message. You then need to enter that code into the website together with your password. The phone is what you have and the password is what you know, so you are now using 2FA.
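The login flow described above, seen from the service's side, as an added example (it is not 2Bware's code or any particular product's). The class name, the send_sms callback, the five-minute lifetime and the three-guess limit are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300      # assumed: a code is valid for 5 minutes
MAX_ATTEMPTS = 3    # assumed: guesses allowed per issued code

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

class TwoFactorLogin:
    def __init__(self, send_sms, clock=time.time):
        self.send_sms = send_sms   # hypothetical callback: (phone, text) -> None
        self.clock = clock
        self.users = {}            # username -> (salt, password hash, phone)
        self.pending = {}          # username -> [code, expiry, attempts left]

    def register(self, username, password, phone):
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, hash_password(password, salt), phone)

    def start_login(self, username, password):
        """Factor 1, something you know. A code is sent only if this passes."""
        user = self.users.get(username)
        if user is None:
            return False
        salt, stored, phone = user
        if not hmac.compare_digest(stored, hash_password(password, salt)):
            return False
        code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, never random.random()
        self.pending[username] = [code, self.clock() + CODE_TTL, MAX_ATTEMPTS]
        self.send_sms(phone, f"Your login code is {code}")
        return True

    def finish_login(self, username, code):
        """Factor 2, something you have. Codes expire and are single-use."""
        entry = self.pending.get(username)
        if entry is None:
            return False
        expected, expiry, attempts = entry
        if self.clock() > expiry or attempts <= 0:
            del self.pending[username]             # expired or guessed out
            return False
        entry[2] -= 1
        if hmac.compare_digest(expected.encode(), code.encode()):
            del self.pending[username]             # burn the code on success
            return True
        return False
```

A correct password alone never returns a logged-in result here: start_login only triggers the text message, and access is granted only when finish_login accepts the code.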
Aside from the increasing number of services that require MFA, we now have regulatory mandates that require businesses to implement MFA. Business cyber-insurance providers are increasingly requiring that policyholders secure their environments by implementing MFA for remote access and email. Cyberattacks such as ransomware are disrupting businesses at record levels and forcing them to make claims on their cyber-insurance policies. Insurance companies are paying out claims for these events across the board at an unprecedented level. As part of the reaction to this, insurance companies are making it more difficult to obtain reasonable and affordable business cyber-insurance. Requiring MFA reduces the risk that businesses will be impacted by cyberattacks that may force them to make a claim.
How to Get Started
Contact 2Bware today for tips and advice about how to get your environment prepared for Multi-Factor Authentication. We can help you evaluate how to best implement MFA to protect your business.