Despite best efforts, keeping cybercriminals out of your systems and away from your sensitive data often comes down to one easily exploited item: user passwords. Whether users are duped by a complex phishing scheme that steals their passwords, or they simply wrote the thing on a sticky note attached to their monitor, discovered passwords can lead to a litany of security problems, including data breaches and leaked information. Since passwords represent the gateway into your data and systems, and they can be easy to uncover, many businesses are resorting to the highly secure, yet mildly cumbersome world of multi-factor authentication.
What is Multi-Factor Authentication?
Multi-factor authentication, or MFA, is a security process that requires more than one method of authentication in order to access a system or application. MFA is a more secure form of user verification because the user must provide two unrelated credentials to get in. Typically, the credentials come from three categories:
- Something the user knows (e.g. a password or passphrase)
- Something the user has (e.g. a security token, access card, etc.)
- Something the user is (i.e. biometric verification such as a fingerprint or facial recognition)
Below are a few examples of authentication scenarios that involve multi-factor authentication:
- Swiping a card and entering a PIN to access a server room
- Accessing a website through a password and an additional one-time password (OTP) that is sent to your smartphone via a text message
- Swiping a card and scanning a fingerprint
- Attaching a USB token to your computer that generates a one-time passcode and using a known password
What are the benefits of multi-factor authentication?
MFA is a clear security booster as it eliminates stolen or uncovered passwords as a major threat. This makes it much harder for potential data thieves to steal your identity or your information. This can also significantly lower damage caused by phishing, as any phishing attack is likely to only grab the user’s password or username, which would not be enough to access a system protected by multi-factor authentication.
Also, with MFA tools such as Duo or Okta, deploying and managing multi-factor authentication can be simple.
What are the concerns?
MFA may seem like a no-brainer for the tech-savvy security expert, but there are a few concerns to think about when it comes to starting MFA for your organization.
First, and one of the biggest, is user friendliness. MFA can be a bit of a pain in the butt as it lengthens the time it takes to access a system, and can lead to other headaches. What if you need to verify a code on your smartphone, but the battery is dead or you left your phone in the car? What if you can’t find your security fob? The extra step it adds for employees is considered the primary downside of MFA. In a millennial-driven workforce, instant access is a must, and any barrier to that can cause employees to search for their own alternatives.
Second, multi-factor authentication is best suited for organizations that have embraced a cloud mentality, so it might not be the best option if you still use mostly on-premises servers.
Overall, multi-factor authentication can do wonders for your security program if it is implemented correctly, but it is important to make sure that your infrastructure and your user base are ready to embrace it.