Have you implemented MFA yet on your business’s digital accounts? If not, you can’t afford to wait any longer.
Here’s what you need to know about this crucial security tactic.
What Is MFA?
MFA stands for multifactor authentication. It’s a category of authentication methods that offer far greater security than the internet’s standard “username + password” system.
If you’re not sure exactly what authentication means in this context, start with that username + password. At virtually any website you visit, those two elements tell the site that you’re you. (Sort of: technically it just tells the site that someone has credentials that only you should have — and that’s where the problems start.)
You’ve probably come across two-factor authentication (2FA) somewhere in your business or personal life. There are lots of ways to do it, but the most consumer-familiar version is when a company asks for your username and password, then texts or emails you a temporary code that you also have to enter.
This is a lot harder to beat if you’re a bad guy: you need physical access to the victim’s phone, or some rather fancy way of intercepting that text message.
Multifactor authentication (MFA) steps it up even further, requiring more complex types of authentication and/or more of them.
The best MFA systems require three categories of authentication:
- Knowledge: password, secret question
- Possession: USB key, authenticator app
- Inherence: biometric identification like Face ID or fingerprint
Why MFA Matters
MFA matters because your business relies on the security of various digital accounts. Usernames and passwords are hard to remember, easy to lose, easy to steal, and (relatively) easy to crack. The stakes could be as high as the continued viability of your business. And with stakes that high, single-factor authentication (username + password) just isn’t good enough.
When you add a second or even a third layer of authentication, you make it exponentially more difficult for the bad guys to break into your digital systems.
Put on your bad-guy ski mask for a second and try to envision what it would take to break into a knowledge/possession/inherence system.
- Knowledge: stealing or cracking passwords is relatively easy to do.
- Possession: physically stealing someone’s USB key (without them noticing!) is much more difficult, as it requires physical proximity and skill.
- Inherence: unless you’re at chopping-fingers-off level of criminality, this one’s a no-go.
Watch Out: Too Much Friction Can Cause Resistance
One consideration before you go Fort Knox on your digital assets: if you add too much friction, you’ll create a system that’s so cumbersome to use, your people will start to look for workarounds.
For example, it doesn’t matter how tightly you lock down your corporate email if people end up getting frustrated with it and send your sensitive files over their personal accounts.
The best modern authentication systems don’t demand all three layers of authentication every single time a user needs to do anything. Some level of trust can be established, such as when a user logs in using a known device at an appropriate time and in a usual location.
But if that same user (credentials-wise) tries to log in on a new device in the middle of the night in a different country, an adaptive system will “back out” and demand all three layers of authentication. If it’s really your employee on vacation, no problem. If it’s a scammer half a world away, those additional layers will put a stop to the attempt nearly every time.
Choosing the Right Solutions
Getting the right MFA solution in place is vital, but it isn’t exactly plug-and-play. To get the most out of your MFA solution without driving your people crazy and pushing them to work outside the system, you need to choose the right products and set them up properly.
We can help you maximize value and efficiency as you step up your security. Just reach out to discuss your needs!