What is Multi-Factor Authentication?
Multi-Factor Authentication (MFA) is a supplemental authentication method that asks users to provide one or more additional forms of identification in order to sign into an online service, application, or system. Instead of asking only for a username and password, MFA requires one or more additional verification methods to decrease the likelihood of an account breach. For example, when a user signs into their webmail account, it may require them to enter a code that is sent to them by text message, phone call, or authentication device.
Why is MFA important?
MFA increases organizational security by requiring users to identify themselves with more than just a simple username and password. Many users tend to use the same password across all their accounts, repeatedly re-use old passwords, or even create very simple passwords that include things like their names or birthdays. These types of sign-ins create a huge security burden for the entire organization and can be a headache for business owners to manage. While password management is still very important, businesses can reduce the risk posed by weak or stolen passwords by enabling MFA and ensuring users have to present more than one valid form of authentication to gain access to critical systems.
How does MFA work?
In the security world, there are three main types of identity authentication:
– Something you know, such as a password
– Something you have, such as a badge or smartphone
– Something you are, such as biometrics like fingerprints
MFA works by requiring two or more of these unique authentication types. The most common type of MFA in use right now is the one-time passcode (OTP). OTPs are the 4- to 8-digit codes that are often received via email, text, or phone call when trying to sign into an MFA-enabled account. With OTPs specifically, a new code is randomly generated each time access is requested, and the code is based on a value that is assigned to the user when they first register for MFA. The OTP is both randomly generated and unique to the individual, meaning their access is granted based on something they know (their password) and something they have (the OTP).
Other types of MFA examples
Other types of MFA include using a combination of elements to authenticate. You’ve likely run into a few in the past.
– Answers to personal security questions
– Smart Cards and USB devices
– Key fobs
– Facial and voice recognition
– Retina scans
As MFA becomes more important, authentication methods become more sophisticated.
Applying MFA in Small and Medium Business
Here at Hermetic, we provide each of our clients with the licensing that they need for Office 365 or Google Suite, and configure them with industry best practices like MFA. It’s just one small piece of a larger security puzzle, and other systems, methods, and protections need to be considered. Sites with VPN and Remote Desktop might need a separate system, and custom line-of-business applications might only be compatible with another.
Ensuring that all critical systems within an organization have multiple factors of security enabled is our prerogative and we work hard to ensure we’re finding and filling in gaps every day. Combined with a password management solution, regular vulnerability and penetration testing, phishing audits, and documentation reviews, our clients can rest easy that their security infrastructure is consistently up to date and working as intended.
If you have questions about MFA or general security practices or you think your business could use an audit or overhaul, get in contact today and we’ll customize a solution to meet all your needs.