Keeping electronic data safe is more important than ever before.
Whether it’s your personal email account or a critical app for your business, keeping electronic data safe is more important than ever before. Stolen passwords are among the top causes of company data breaches. A Verizon study revealed that about 81 percent of security breaches leveraged either stolen or weak passwords.
Due to the growing number of data breaches involving stolen passwords, many companies today are turning to multi-factor authentication (MFA) technology to mitigate password risk. While a user login and password remain a critical part of security, they are no longer enough to reduce the risk of compromised credentials, especially with the rise of cloud adoption. One study revealed that about 90 percent of user-generated passwords can be cracked in less than six hours.
Phishing attacks, data breaches, and ransomware attempts are consistently on the rise, requiring users to remain vigilant about protecting their online information and access to their physical devices.
Multi-factor authentication has emerged as a powerful tool to help restrict account access to its intended user. Rather than simply requiring one password to access a device or service, multi-factor authentication adds an additional layer of account security to verify a user’s identity. It’s become a default setting for banking apps, products from major tech companies like Google, and any account where it’s necessary to have extra security to ensure private information remains safe and secure.
Accessing an account with multi-factor authentication requires a combination of commonly recognized security factors. Typically, that means something you know, such as a password; something you have, like a cell phone or hardware token; or something you are, like your fingerprint or face.
Requiring physical layers of authentication on top of a traditional password creates a level of verification that can be nearly impossible to spoof. Research shows 90% of today’s passwords can be cracked in less than six hours, and considering many users still rely on insecure and incredibly common passwords like “password” or “123456,” additional security methods ensure even the weakest passwords have to be supplemented by additional credentials to gain access to an account.
MFA technology uses a combination of two of the following three options to verify identity:
- Knowledge factor, or something you know, such as a password or PIN
- Possession factor, or something you have, such as a mobile device
- Inherence factor, or something you are, like a fingerprint or voice
Although an MFA solution provides a lot of benefits, it only works if it’s implemented properly. Successful MFA implementation requires careful planning in order to avoid complexity and improve user experience, while also strengthening security.
Multi-factor authentication usage at small and medium-sized businesses
Every organization should implement MFA, right? Yet many executives still don’t see the value of MFA. For example:
- As reported in a 2022 study, 46% of small- and medium-sized business owners say they have implemented multi-factor authentication at their businesses. However, 47% of respondents either did not understand MFA or did not see its value.
- Only 8% of executives have multi-factor authentication active across a majority of their apps and devices, and 87% have passwords that have been leaked on the dark web.
How to implement multi-factor technology successfully
1. Apply this type of security system across all access points and users
MFA is most effective when you apply it across all users (end users and privileged users) and across all access points within your company, including on-premises and cloud resources and applications, servers, endpoints, and privileged commands.
Deploying MFA in pockets or silos may leave your company vulnerable to attacks such as unauthorized access and password-based cyberattacks. It’s the same as locking the front door of your house and leaving the back door wide open.
2. Integrate adaptive, context-based authentication
Context-based authentication improves threat alerting and fraud detection by leveraging contextual information, such as network, location, time of day and device settings, to verify the user’s identity. For instance, if an employee is logging into his account from your company’s network, he could be granted access using his username and password. But if he is logging in from an unknown network and device, he will be asked for additional authentication factors.
Context-based authentication improves both security and user experience because it doesn’t always ask for MFA: it only triggers MFA when your system detects an unusual context or behavior.
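As an added illustration of the step-up decision described above (example code written for this article, not part of any vendor product), the policy below treats the source network, the device and the time of day as signals and asks for a second factor only when one of them is unfamiliar. The trusted network ranges, enrolled device IDs and business hours are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List

# Constructed policy data (hypothetical): corporate address ranges, the devices
# each user has previously enrolled, and the hours treated as a normal workday.
TRUSTED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8"),
                    ipaddress.ip_network("203.0.113.0/24")]
KNOWN_DEVICES = {"alice": {"laptop-7f3a"}, "bob": {"phone-91c2"}}
BUSINESS_HOURS = range(7, 20)  # 07:00 to 19:59 local time


@dataclass
class LoginContext:
    user: str
    source_ip: str
    device_id: str
    hour: int  # local hour of the login attempt, 0-23


@dataclass
class Decision:
    require_mfa: bool
    reasons: List[str] = field(default_factory=list)


def evaluate(ctx: LoginContext) -> Decision:
    """Password alone is enough from a known network, device and time of day;
    any unfamiliar signal steps the login up to an additional factor."""
    reasons = []
    try:
        addr = ipaddress.ip_address(ctx.source_ip)
        on_trusted_net = any(addr in net for net in TRUSTED_NETWORKS)
    except ValueError:
        on_trusted_net = False  # unparseable address: fail closed, treat as unknown
    if not on_trusted_net:
        reasons.append("unknown network")
    if ctx.device_id not in KNOWN_DEVICES.get(ctx.user, set()):
        reasons.append("unknown device")  # also true for any unenrolled user
    if ctx.hour not in BUSINESS_HOURS:
        reasons.append("outside business hours")
    return Decision(require_mfa=bool(reasons), reasons=reasons)
```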
3. Provide a range of authentication methods
Today, a wide variety of authentication methods are available to companies, including:
- Hardware tokens (e.g., USB device, key fobs or Smart Cards)
- Soft tokens (e.g., mobile apps that generate a One-Time Password or OTP)
- SMS/text message
- Phone call
- Biometric
- Security questions
Providing a choice of authentication methods allows your company’s users to choose the ones that work best for their situation. For instance, if a user’s smartphone isn’t connected to the internet, she can still use the OTP generated by the mobile app.
4. Opt for an authentication method that adheres to standards-based security and certifications
Make sure that your MFA solution not only works well with your current IT infrastructure but also complies with standards such as Remote Authentication Dial-In User Service (RADIUS), a network protocol for centrally authenticating and authorizing network access, and the Initiative for Open Authentication (OATH), an open technology standard designed to enable strong authentication across devices from multiple vendors.
5. Combine MFA with other identity security solutions
Combining MFA with other solutions, such as single sign-on (SSO), helps you further improve protection against cyberattacks. SSO works by authenticating your identity once as you log in. Once your identity is authenticated, you are logged into the SSO software, and from there you have access to the applications it covers without needing to log in to each application or cloud service separately.
6. Continuously re-evaluate your company’s system security
The threat landscape and IT infrastructure are constantly evolving, so you should carry out regular assessments to make sure your MFA technology continues to meet your company’s needs. Regular assessments allow you to detect issues and determine whether adjustments are needed so that your company’s system security continues to deliver value.
Today, there are three popular implementations of multi-factor authentication:
SMS authentication
After a user enters a password, a unique SMS code is sent to their mobile device, and the user must enter that code to access the account. While these codes are often time-restricted and cannot be used more than once, this is considered the least secure version of multi-factor authentication. Apps like Instagram and G Suite offer versions of SMS authentication.
App-based authentication
Rather than having to wait for an SMS code, app-based authentication places the second security factor within another app. Apps like Google Authenticator and Facebook’s Code Generator are set up by scanning a QR code on a desktop or mobile device; after that, the app generates the codes on the device itself, making it possible to authenticate access to an app without having access to the internet.
Hardware token authentication
Hardware token authentication is the most secure method of authentication. It requires a physical piece of hardware to be present when attempting to access an account. This often takes the form of a USB security key like Yubico’s YubiKey, which is inserted into a device’s USB port to carry out the additional layer of authentication.
Many of these authentication methods are carried out using two-factor authentication, which has become a default security option for many popular services like Apple’s Apple ID and Google’s Gmail. For other apps, like Microsoft Office 365, multi-factor authentication is an option that can be enabled at the administrator level.
No matter what app you’re using, it’s a good idea to enable multi-factor authentication whenever possible. It’s especially critical for banking and messaging apps that contain sensitive personal data, for phones that control access to these apps, and for password managers that collect all of your app’s passwords.
Corporate users, who remain ripe targets for phishing, must also enable multi-factor authentication to control access to critical business information. Solutions like Cisco’s Duo add two-factor authentication to VPN access, making user access to private networks even more secure. And for organizations that grant data access to third-party vendors, multi-factor authentication ensures that access can be controlled or restricted whenever necessary.
If you depend on an online account that collects personal, private, or sensitive information, check to see whether multi-factor authentication is enabled. Even though it may require a user to take an extra step or two, the security benefits offered by multi-factor authentication greatly outweigh any minor inconveniences or extra seconds of time spent verifying a user’s true identity.
Benefits of multi-factor authentication
MFA offers several advantages over traditional password-based authentication. It provides stronger authentication and protection against password-based attacks, and it scales well when implemented correctly.
Stronger authentication: MFA enhances the security of access control systems by adding layers of verification. With this in place, attackers would have to bypass multiple authentication factors, which reduces the likelihood of a successful attack. Using MFA instills a higher level of confidence that the user logging in is the correct user, as it requires a combination of possession of a physical object, knowledge of information and use of biometric data. Attackers would have a harder time impersonating a legitimate user. MFA can also be used across a multitude of platforms and devices, offering convenience to users.
Protection against password-based attacks: Attackers may already hold 50% of the credentials needed to access applications because email addresses are used as user IDs. Social media, websites and business cards are all publicly available places where attackers can find these email addresses. With MFA, password-based attacks such as brute-force and dictionary attacks can be stopped. If passwords are compromised, the additional MFA factors add an extra layer of protection.
Cost and complexity: Investments in hardware, software and maintenance may be needed when you start using MFA systems. Employees will also need continued training, and investment in education will be needed. Organizations will need to keep in mind the costs that come with deploying and managing MFA systems.
Take your security to the next level
In today’s complex, hybrid IT environment, companies should consider adopting multi-factor authentication to boost security, protect user identity and improve user experience.