Identity security is one of the most significant challenges that IT organizations face. An identity compromise can ruin an organization, and it is the number one attack vector for hackers.
The traditional, not-so-secure way to log in consists of entering your username and that familiar password. You know, the one you probably use for most other online accounts. Now you’re in, and can go about your business. If you are one of the 54% of consumers in the USA who use 5 or fewer passwords total across ALL platforms, you’re at risk.
Passwords are hard. The growing list of security requirements is intended to make passwords secure, but in many cases it has had the opposite effect. Complex passwords that meet all the requirements are often difficult to remember, so they’re reused across many sites. Users scribble them on sticky notes. They weave in easily discoverable pets’ names, birthdays, and phone numbers. It’s no way to keep data secure.
Once hackers compromise just 1 of these passwords, it creates a domino effect that gives hackers access to all your platforms.
The good news? Organizations are starting to not just understand, but also support, the concept that while access should be hard for hackers, it needs to be easy for legitimate users. There are many options available to protect company data, including Two-Factor and Multi-Factor Authentication. These tools can also be used in your personal life for systems like banking, HR, stocks/trading and medical portals. By adding another layer of security to password management, it becomes increasingly difficult for bad guys to log in as you.
Multi-factor authentication (MFA) is a method of computer access control in which a user is only granted access after successfully presenting several separate pieces of evidence to an authentication mechanism, typically from at least two of the following categories: knowledge (something they know), possession (something they have), and inherence (something they are). MFA simply uses several forms of authentication to provide even tighter security.
Two-factor authentication (2FA) is a subset of MFA. It is a type of MFA where you only need two pieces of evidence (two factors). Many of us already use 2FA in our daily lives without even realizing it. For example: at the ATM, you use your PIN (something you know) and your card (something you have). When you log in to Google, Twitter, or LinkedIn, or you make a purchase on Amazon, you can use their two-step validation to require your password (something you know) and a special text sent to your phone (something you have). If you don’t have your password and your phone, you don’t get in. Add another factor, such as a USB key that you have to plug into your laptop, and you now need three things for access (the key, your phone and your password), which makes it MFA.
As a reminder, all two-factor authentication (2FA) is multi-factor authentication (MFA), but not all MFA is 2FA. The simplest way to wrap your head around this is to remember that 2FA will always and only have two factors, whereas MFA can have two or more factors.
- Consider How You Will Successfully Deploy Multi-Factor Authentication Within Your Organization
It goes without saying for most, but it’s critical to plan your move to MFA, and how you will roll it out to all parties involved, long before you implement it across your network:
  - Do you offer employees the opportunity for feedback on solutions and experiences like MFA?
  - How will you settle technology issues that crop up? Is your IT department ready to provide the support end users need when they run into trouble?
  - How do you plan on measuring the success of this initiative? Will you utilize metrics to show the adoption and impact on your employees?
- Question Conditional Access to Control When Multi-Factor Authentication Is Required
Are you the type of business to dip your toe in? Conditional Access allows businesses to set policies for when multi-factor authentication is required. For example, businesses use conditional access to require MFA if employees are signing in on a personal device or from a new-to-the-network IP address.
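
A minimal sketch of the conditional access rule described above, combined with the three factor categories defined earlier. This is an added example, not code from the original article or from any vendor's product; the class, field and factor names, the networks and the users are all hypothetical.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Factor categories as defined in the article; the factor names are hypothetical.
FACTOR_CATEGORY = {
    "password": "knowledge", "pin": "knowledge",
    "sms_code": "possession", "usb_key": "possession",
    "fingerprint": "inherence",
}

@dataclass
class SignIn:
    user: str
    source_ip: str
    managed_device: bool          # False means a personal device
    factors: tuple                # factor names the user presented

@dataclass
class ConditionalAccessPolicy:
    office_networks: tuple                         # CIDR ranges treated as known
    seen_ips: dict = field(default_factory=dict)   # user -> IPs that already passed

    def mfa_reasons(self, s: SignIn) -> list:
        """Return the conditions that make MFA mandatory for this sign-in."""
        reasons = []
        if not s.managed_device:
            reasons.append("personal device")
        addr = ip_address(s.source_ip)
        in_office = any(addr in ip_network(net) for net in self.office_networks)
        if not in_office and s.source_ip not in self.seen_ips.get(s.user, set()):
            reasons.append("new IP address")
        return reasons

    def evaluate(self, s: SignIn) -> tuple:
        """Return (decision, reasons); decision is 'allow', 'challenge' or 'deny'."""
        reasons = self.mfa_reasons(s)
        if not s.factors or any(f not in FACTOR_CATEGORY for f in s.factors):
            return "deny", reasons                 # fail closed on unknown evidence
        categories = {FACTOR_CATEGORY[f] for f in s.factors}
        # Two factors from the same category (password + PIN) are not MFA.
        if reasons and len(categories) < 2:
            return "challenge", reasons
        self.seen_ips.setdefault(s.user, set()).add(s.source_ip)
        return "allow", reasons

# Constructed sample data (documentation address ranges, not real sign-ins).
policy = ConditionalAccessPolicy(office_networks=("192.0.2.0/24",))
office = SignIn("alice", "192.0.2.10", True, ("password",))
remote = SignIn("alice", "203.0.113.7", True, ("password", "pin"))
remote_mfa = SignIn("alice", "203.0.113.7", True, ("password", "sms_code"))
```

An address only joins a user's known set after a sign-in is allowed, so a challenged or denied attempt never makes a new IP look familiar.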
The ease of use of these tools has changed greatly, including the user experience, giving many remote users a better way to work when they aren’t in the office.
- Trouble with Adapting? With a Variety of Authentication Methods, Employees Can Choose an Option That Works for Them
More often than not, the one-size-fits-all approach isn’t something you want to adopt, especially when using MFA tools. Forcing employees to receive a mobile confirmation only works if EVERYONE at your business has reliable access to a mobile device. Be sure to utilize a solution that works in a variety of ways, so your workforce makes the most of the MFA security tools you are putting into place.
- Evaluate & Test Multi-Factor Authentication on a Regular Basis
If there is one thing we’re sure of at Clare Computer Solutions, it’s the fact that our threat landscape is undergoing constant change. Hackers are changing viruses, malware, and Trojans faster than ever before. Implementing a technology that aims to help with security is something that will need regular attention to ensure it’s protecting you. We recommend checking in on your MFA solution no less than once a year. You should be looking to assess whether the solution is still meeting the unique needs and requirements of your business.
Stopping ALL online crime is not realistic, but simple steps can massively reduce the likelihood your business will become the next victim. When it comes to your most sensitive data, use Multifactor Authentication whenever possible, as many organizations have begun adopting it en masse. Need help hunting down your perfect solution? Contact us to begin talking about your business options.