In today’s online world, our lives are composed of a plethora of usernames and passwords. We’re all aware of the increasing cyber threats to our information, yet, for ease of use, many of us use the same passwords across the internet; personal and business alike. Wouldn’t it be helpful if our online accounts would alert us to breach attempts? Or better yet, make a stolen password useless to hackers?
Online security relies on a variety of tools and policies. It’s important not to rely on any single method for comprehensive protection. Multi-factor Authentication (MFA) adds a third layer of security, which makes an account 99.9% less likely to be breached. Whenever possible, users should get into the habit of protecting themselves with the extra layer of security that MFA provides.
MFA or 2FA security is not a 21st century concept. In past years, banks and other financial corporations have commonly used a small hardware token with a randomized security key. While this was an excellent layer of protection when minimal data existed in the cloud, we all require the same online armor today with threats a commonplace occurrence. Now, through leveraging mobile messaging and smart phone authenticator applications, we all can add the added security of MFA to our business and personal accounts.
Multi-Factor Authentication is the use of two or more independent means of evidence (factors) to assert the identity of a user requesting access to an application or service. The most common form of multi-factor authentication is two-factor authentication (2FA), which pairs your first authentication factor (typically something you know like your password) with a second factor, such as a code sent to another device, like a smartphone. So, even if your password is stolen, the chances of someone else having your second-factor information is highly unlikely, stopping hackers in their tracks.
You may be using MFA already and not even realized it. Each time you login to an account and you are texted a short code to enter into your computer, or a push notification is sent to your mobile device to confirm you really did log in to your email from outside of the office, you are using MFA.
We highly recommend the use of MFA for all cloud hosted applications or for any application accessible from the public Internet, along with a password manager. While the implementation of MFA does require careful planning and coordination, most cloud applications (e.g. Office 365, Quickbooks Online, etc), financial sites, and other consumer applications offer some form of MFA or 2FA in 2020 as an integrated option. Many of these applications allow system administrators to mandate the use of MFA for all user accounts within the organization. MFA can also be implemented for workstation and VPN logons.
For businesses seeking to implement MFA authentication across their company, LastPass Authenticator, Google Authenticator, and Microsoft Authenticator popular smart mobile device applications which facilitate MFA for end users.
As small businesses continue to battle an influx of security issues, implementing MFA is simple and relatively easy for small organizations to implement, and provide additional peace of mind for your employees and customers.