Multi-factor authentication is a polarizing topic in business and technical channels. While business users are often quite fussy when asked to establish a secondary method of accessing their secure accounts and data, technology professionals realize that this bare-minimum authentication may be all that stands between business systems and some very bad actors. Reconciling the technical challenges of implementing 2FA (two-factor authentication) or MFA (multi-factor authentication) may seem like a struggle IT teams aren’t winning — but the fight is still a crucial one. Here’s what you need to know about how MFA can potentially remove bad actors from the equation in your business.
Business users (and ordinary humans in general) are notorious for creating passwords that are extremely easy to unravel. As machine learning systems become increasingly sophisticated, it’s not surprising that passwords no longer pose enough of a deterrent for a dedicated cybercriminal. A simple password is like the virtual handshake that allows an individual user to access their shared resources and business systems. Passwords are generally easy for business users: they can be quickly reset as long as you have access to a primary email account and you can theoretically use the same password in a variety of different places, which certainly makes it easier on your memory! Unfortunately, everything that makes passwords convenient for business users also makes it easier for hackers to infiltrate your systems. Multi-factor authentication includes a range of strategies that technology professionals can leverage to create an additional layer of security between bad actors and crucial business data.
Additional authentification options include:
These systems can be configured to ask for an additional method of authentication only when the access attempt appears to be high-risk — such as requests that come from an unrecognized device or originated in a region that is known for presenting cybersecurity threats.
Cloud-based applications are considered by some to be key targets for an attack since the storage of information is not onsite behind a firewall, but “out there” where theoretically accounts could be more easily compromised. Implementing multi-factor authentication in this situation allows legitimate users to quickly access their accounts and information while adding that crucial layer of security. This is especially important when you have privileged access accounts — those users who have admin privileges or whose login allows them to tunnel deeper into your infrastructure. Creating a strong identity governance solution and implementing it across all corners of your business can help ensure that the individual accessing the information is vetted and verified before allowing them egress. While bad actors can hack a password, it would be much more difficult for them to copy a fingerprint or gain access to a randomly-generated number that was delivered to your personal mobile phone. While SIM hijacking does occur (when hackers access a specific phone remotely), a more robust form of two-factor authentication is helping businesses such as social media platforms reduce the potential of hacked accounts.
Let that fact sink in for just a moment: according to Verizon’s recent Data Breach Investigations Report in 2017, 81% of breaches leveraged stolen or weak passwords to allow cybercriminals unauthorized access to business information. Creating the rules that will convince users to update them on a regular basis is a solid first step in reducing this threat, but it will not be nearly enough to stem the tide of destruction and loss caused by poor password hygiene. The Verizon report also showed that nearly 3/4 of breaches are financially motivated, while only a small percentage (21%) were related to cyberespionage.
With this type of additional data in hand, it is hoped that organizations will be able to pitch the value of multi-factor authentication to overcome any concerns by business users as well as the cost differential involved in implementing these advanced security measures. Without multi-factor authentication in place, your business is simply one weak or default password away from providing bad actors with easy access to your sensitive business information.