- Must use a mix of letters, numbers, and characters,
- Change your password every 30 days,
- Use a minimum of eight characters,
- then 12 characters,
- enforce a higher password history to prevent reuse
- etc., etc.
Don't get us wrong. Passwords DO matter. But over time, as cybercriminals have evolved and their tools have become more robust, passwords alone simply aren’t enough. With the modern capabilities of brute force attacks, bad actors can use trial and error to crack passwords exponentially faster than ever before. Also consider the onslaught of ransomware, socially engineered attacks, and other prevalent cybercrimes in 2022. As cybersecurity expert James Scott once said, “There’s no silver bullet solution with cyber security, a layered defense is the only viable defense.”
Enter Multifactor Authentication. Consider it the necessary physical layer of protection between your end users and any number of cybercriminal threats. They may get your password, but with MFA (also commonly called 2FA) in place, they can't get in.
Multifactor authentication simply applies another "layer" to prove that you are who you say you are. Utilized heavily by banking sites, schools, and businesses at the point of workstation log-in, multifactor prompts you to either check your email (or your phone) and verify a six-digit code that's sent to you, or verify yourself through a personal smartphone alert. The idea is simple: in order to hack a computer, an attacker not only has to uncover a complex password but also has to literally have that physical device in hand to gain access.
MFA: How it came to be.
Imagine your grandparents’ (or great-grandparents’) house. At some point, they discovered that people would walk into a house that wasn’t locked, so they started locking their doors. Then, it became apparent that people would break a lock or a window to invade a home. So we put in alarms. And on and on.
It’s the same idea with an evolving cybersecurity landscape. We started out with passwords as a means to keep intruders out of our accounts. Early brute force attacks would use software (type in “aaa,” then “aab,” etc.) in hopes of eventually cracking the code. They worked, because we had simple passwords.
So we moved to more complex passwords, and at one time it would take brute force attacks literally years to crack them. But today, supercomputers and their superpower “hacking” capabilities have forced cybersecurity measures to extend beyond passwords.
MFA: How it works.
In life, and in cybersecurity, sometimes the simple things prove to be the most effective.
There's nothing overly complex about MFA. When you log into almost any account, you begin by entering a username and password as usual. With MFA enabled, you are then prompted to enter a second “factor” to verify your identity. The process can be completed in a number of ways: via email verification, text message verification or even RSA keys.
We believe (and the industry believes) that the most secure methodology requires the user to have a physical device on him or her. In this scenario, you log into your computer, and you have a button on your phone that says “approve” or “deny.” Outside of me (a potential cyber criminal) obtaining a long algorithmic code or you literally handing me your cellphone, how would I gain access?
MFA: How it protects your organization.
Here's a hypothetical story as an example.
Let's say someone internal at your company needs an administrative log-in for running updates on your network. To do so, they use a work email account and password. Now, let's say that same person goes to a retail website to do some shopping. Out of personal convenience, when it's time to purchase and set up an account, he or she uses that same work email account and password to complete the transaction.
And then the retail website gets hacked.
The bad actors would certainly be intrigued by a company email and password and would proceed to gain access to that organization's corporate website. Unfortunately, this is a somewhat common occurrence and could spell doom for this company. (This is where end user education is crucial!) However, with MFA enabled, the criminals would have the username and the password, but after hitting enter they would still have to hit "Approve" on the employee's physical cell phone to gain access.
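The two-step log-in described under "How it works," applied to the reused-password story above, as an added example (not Datamax's code or any product's implementation). All function and class names, the five-minute code lifetime and the five-guess limit are assumptions chosen for illustration; the limits go beyond what the article states and show why a six-digit code cannot simply be guessed.

```python
import hashlib, hmac, secrets, time

CODE_TTL = 300      # seconds a code stays valid (assumed policy value)
MAX_ATTEMPTS = 5    # wrong guesses allowed before the code is voided (assumed)

def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(password):
    """Store a salted password hash, never the password itself."""
    salt = secrets.token_bytes(16)
    return {"salt": salt, "hash": _pw_hash(password, salt)}

class SecondFactor:
    """Issues and checks one-time six-digit codes for pending logins."""
    def __init__(self, clock=time.time):
        self._pending = {}  # user -> [code digest, expiry time, attempts left]
        self._clock = clock

    @staticmethod
    def _digest(code):
        return hashlib.sha256(code.encode()).digest()

    def issue(self, user):
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[user] = [self._digest(code), self._clock() + CODE_TTL, MAX_ATTEMPTS]
        return code  # sent to the user's phone or email, never to the login page

    def verify(self, user, submitted):
        entry = self._pending.get(user)
        if entry is None:
            return False
        digest, expires, attempts = entry
        if self._clock() > expires or attempts <= 0:
            del self._pending[user]  # expired or guessed too often: void it
            return False
        if hmac.compare_digest(digest, self._digest(submitted)):
            del self._pending[user]  # single use
            return True
        entry[2] -= 1
        return False

def start_login(users, mfa, user, password):
    """Step 1: check the password; on success issue a code for delivery."""
    rec = users.get(user)
    if rec is None or not hmac.compare_digest(rec["hash"], _pw_hash(password, rec["salt"])):
        return None
    return mfa.issue(user)

def finish_login(mfa, user, code):
    """Step 2: access is granted only if the delivered code comes back."""
    return mfa.verify(user, code)
```

Someone holding only the leaked password gets past `start_login` but never sees its return value, which goes to the employee's device, so `finish_login` fails and the unexpected prompt on the employee's phone is itself a signal that the password has been exposed.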
Datamax cares deeply about your cybersecurity landscape, which is why we're willing to go deeper and wider beyond traditional methodologies to protect your organization moving forward, including deploying multifactor authentication. Want to learn more about our TechCare Managed IT Services engagement (and its enhanced IT security features)? Click to visit with a Technology Specialist!
Editor's Note: Cybersecurity expert James Scott once said, “There’s no silver bullet solution with cybersecurity, a layered defense is the only viable defense.” We couldn’t agree more. And frankly, traditional cybersecurity methodologies aren't enough today. That’s why we’re publishing this three-part blog series, in which we share three crucial advanced-level cybersecurity measures that we feel should be implemented at your organization.