Two-factor authentication (2FA) or multi-factor authentication (MFA) is a method that requires a user to verify their identity in two or more ways to gain access to online accounts or other resources.
Multi-factor authentication differs from single-factor authentication (think, just a username and password). Having more than one type of authentication method is a security best practice. It will keep you out of a lot of trouble, and it is the only way to guarantee that the people you want to have access are in fact the only people who have access.
Why Not Single Factor Authentication?
Single-factor authentication simply means providing a username and password. Frequently with single-factor authentication, people create simple, easy-to-guess passwords or write down more complex passwords as a reminder. Passwords that are documented could easily be lost in a data breach or otherwise compromised.
Single-factor authentication is less and less reliable as computers get smarter and hacking tools get more advanced. It no longer takes a skilled hacker to gain access to your information. Anyone can download and install free software such as Kali Linux, which is designed for ethical hacking or penetration testing.
With complex hacking tools just a Google search away, your security can be vulnerable to bad actors such as some nation-state actor or some kid sitting in their parents’ basement.
How Does Multi-Factor Authentication Work?
With multi-factor authentication, instead of just username and password, you add another factor. This factor is not just something you know, it is something you have.
Now you must know your username and password and you must also have something in your possession that completes the authentication process to gain access to your accounts or resources. This process ensures that your identity is verified before accessing your accounts.
Types of MFAs
RSA Hardware Tokens
In the corporate world it is common to have something such as an RSA token, a small device that generates a random 6-digit code every 60 seconds. Entering your password plus the randomly generated, continually refreshing 6-digit code proves that you have the device in your possession in real time.
There are also authenticator apps that you can download on your mobile device that create a time-based one-time password (OTP) to allow access to your desired account. There are several well-known authentication apps by industry titans Microsoft, Google, and others. An authenticator app can be a cost-effective way to implement MFA, especially in today’s remote or hybrid workforce.
A YubiKey is a physical device, much like an RSA token, that a person must carry. The goal of a YubiKey is to make two-factor authentication as simple as possible. Instead of a random code being generated for you (like an RSA token), or a code on your cell phone (like an authenticator app), each device has a unique code built into it that is used to generate codes that confirm a person’s identity.
Why Use Multi-Factor Authentication?
While it’s never super convenient to be secure, it is worth the extra steps of multi-factor authentication because without it you are opening yourself up to a world of hurt. Small and medium businesses are the most common target of cyber hackers. A cyber-attack can cost a business an average of $100,000 a response – a sum most small and medium businesses do not have to spare. More importantly, this cost is largely avoidable by implementing good cybersecurity practices like MFA.
Have you ever gotten a warning from Google Chrome saying your password has been exposed in a data breach? MFA offers you and your employees an added layer of protection in these situations, because even if your password is compromised by a bad actor, they don’t have your smartphone and can’t access your second factor, the six-digit one-time code.
Multi-factor authentication is an easy and relatively inexpensive way to increase your organization’s security posture. This is also why cybersecurity insurance will often require multi-factor authentication for risk mitigation.
Implementing Multi-Factor Authentication In Your Company
It is worth going with a well-known authenticator such as Microsoft or Google multi-factor authentication. At Code of Entry, we have gone with Microsoft. We have hosted our own email for a while and made the decision that it was worth it for our cybersecurity posture to upgrade to Microsoft’s email exchange server. This requires multi-factor authentication and with it added protection for our company.
With any company, not just an IT company, your reputation is on the line. If you get hacked, regardless of the reason, that is a hit on your reputation and trustworthiness. Making a small investment in your organization’s identity and access management by implementing MFA is well worth it to preserve your reputation and your customers’ trust.
We know the fast pace of technology can be overwhelming, especially when you have a business to run. That is why Code of Entry is here to help. Whether you need technical advice or are interested in letting us help you secure your network, business assets, and intellectual property, we can meet you wherever you need us.