Passwords can be a tricky thing. Nowadays, the requirements for a secure password are becoming more and more complex. But no matter how complicated your password is, many websites still ask users to take that extra step of multi-factor authentication (MFA), often in the form of an SMS verification code. Not only do they want to know that you are who you say you are, but they also want you to prove it—and employers are following suit.
What is Multi-Factor Authentication?
Multi-factor authentication (MFA) is a security system that requires multiple credentials to verify a user’s identity. Instead of the standard credentials of username and password, MFA requires credentials from at least two of three categories:
- User-generated data such as a PIN or password
- User-owned property such as a smartphone or smart card
- User-identifiable characteristics such as fingerprints or voice recognition
If two categories of authentication are used, the process is called two-factor authentication (2FA). If three are used, the method is referred to as 3FA or three-factor authentication. Both 2FA and 3FA are subsets of MFA.
MFA can be implemented to resemble the single sign-on (SSO) experience that many users enjoy. With SSO, users authenticate once and are then given access to every application associated with their account. It eliminates the need for multiple passwords, but it carries a higher security risk, because a single compromised credential unlocks everything. Configuring MFA to provide a similar option keeps that convenience while also ensuring better security.
Why MFA is Important
When hackers steal usernames and passwords, they can gain unauthorized access to a company's network. MFA is important because it adds an extra layer of authentication that hackers will not be able to acquire when trying to log into your system. For example, after users enter their usernames and passwords, a unique code is sent to their smartphone. That code must be entered into the system before access can be granted, and oftentimes hackers will have your password but not your actual phone.
Even if bad actors have stolen usernames and passwords, they are unlikely to have access to the smartphone connected to the user account. Without access to the verification code, hackers cannot access the system. Given that 81% of data breaches can be traced to weak password security, adding the additional authentication factor of MFA is one way to strengthen security.
Why MFA is Important in Distributed Workforces
In the initial shift to remote and distributed workforces, many companies were ill-prepared. Their infrastructure was not designed to support remote employees. Policies and procedures for remote workers were incomplete or nonexistent. IT departments or service providers scrambled to get employees online. In the rush to become operational, organizations failed to consider the implications of remote workers on cybersecurity.
The number of cyber crimes reported to the FBI quadrupled across all sectors during the pandemic. Part of that increase can be attributed to the rise in the number of employees working from home. For example, user credentials for logging into the company’s network while in the office may lack the robust security required for a remote workforce.
Since many remote workers may be using unsecured home or public networks, MFA can safeguard user credentials. It can minimize the opportunities for hackers to gain unauthorized access through phishing or social engineering tactics. MFA can also alleviate some of the burden on remote IT personnel as they work to secure a company’s infrastructure and address the demands of a distributed workforce.
How Does MFA Strengthen Cybersecurity?
With MFA, a user's identity is re-verified every time they log in from a different device. That means an authentication challenge, such as a passcode, is sent to an email account or a smartphone associated with the user. The passcode must be entered before access is granted. With more people working from home and potentially using different devices, MFA can ensure that a bad actor is not gaining access.
MFA can also block bot attacks. Bots can't intercept codes, and manual attempts to bypass MFA prompts have failed. Only highly sophisticated techniques or brute-force attacks have the potential to compromise MFA-activated accounts. Because a bad actor needs a second factor to gain access, a stolen password or PIN can be rendered useless with MFA.
Why is it Important to Use MFA?
Using MFA to keep cybercriminals from making use of stolen user credentials can significantly reduce the chance of a successful data breach. Did you know that:
- 81% of breaches are caused by credential theft?
- 73% of passwords are duplicates?
- 50% of employees use unapproved apps?
Adding MFA can prevent over 95% of bulk phishing attempts and over 75% of targeted attacks, according to Google.
Once hackers have access to a system, they can install malware, steal sensitive information, or disrupt operations. Restoring service can be costly. An IBM study found that recovery costs were spread over three years, with the majority of the costs occurring in the first year. If the breach occurred in a regulated industry such as healthcare, utilities, or finance, costs in the second year could be as much as 25% of the total costs. On average, it takes an organization over 275 days to contain a data breach. That’s nine months in which resources are not available for business growth.
How to Choose an MFA Solution
Multi- or two-factor authentication (MFA and 2FA, respectively) solutions are designed to protect data from unauthorized users. However, not all solutions are created equal. As you shop around for the best MFA vendor for your company, keep in mind the needs of your company, such as:
- Are you looking at multi-factor authentication solutions for your employees or your customers?
- Which endpoints and accounts are you looking to protect?
- How much security do you need?
- How many users are you looking to cover in the short term and long term?
- Do you have any compliance requirements that need to be met?
It’s important to have a clear vision of how you want multi-factor authentication to work for your company. It will help you to narrow down the list of vendors that will be the right fit for you. Here are additional questions you may want to consider:
- What options are provided to generate one-time passwords?
- What contingency plans are in place if a user gets locked out, loses their phone or token, etc.?
- Who has control over user access?
- How quickly can access be revoked (for offboarding, vendors, clients, etc.)?
- How often do tokens expire or need to be repurchased?
Although two-factor authentication solutions are designed to enhance the security of your business, it's also important to consider the user experience so that the rest of your team will be on board, too!
Our Picks for Multi-Factor Authentication Solutions
Duo Security: Duo MFA is a cloud-based solution that offers a variety of authentication methods, including U2F, security tokens, SMS passcodes, phone callbacks, and HOTP for application integrations. They also have bypass codes for temporary access, or if one of your employees loses their phone. Duo offers four different plans based on your needs, ranging from a free plan (for basic credential protection) to their most secure plan at $9 per user, per month. It’s also worth mentioning that they were acquired by Cisco—a worldwide leader in cybersecurity solutions.
Okta: Okta offers an adaptive multi-factor authentication solution, which provides a little bit more flexibility to decide when authentication policies need to be enforced. This allows companies to designate specific authentication factors for different types of users. For example, you may want to apply stronger authentication methods for users that have access to more sensitive data. This is particularly useful for companies that are looking to implement cloud-based security.
SecurAccess: SecurAccess offers token-less two-factor authentication solutions for remote access, which is helpful if your business works with remote teams. You can authenticate your identity on any device through a variety of methods, including passcodes through secure emails, soft token apps, real-time SMS passcodes, and one-time passcodes.
Trusona: Trusona understands what it feels like to hate passwords, and they are actually trying to eliminate the use of passwords for identity authentication. In fact, they have a #NoPasswords Manifesto on their website. So how does their two-factor authentication actually work? Right through one's phone on the Trusona app, which utilizes touch IDs, QR codes, and even ID scanning. They offer both multi- and two-factor authentication solutions, depending on the level of security your business is looking for.
Get Help with MFA for Your Organization
Still unsure about which MFA solution is right for your business or if MFA makes sense at all? When your business partners with Electric, you will not only receive comprehensive IT support, but we can also provide you with expert recommendations on MFA solutions and implement them at your company. Get in touch to learn more!