What The F Is MFA? Multi-Factor Authentication Questions Answered
Imagine never having to enter a long, complicated, unique password every time you log in. Now imagine that in doing that, you’ve blocked 99.9% of all incoming security attacks. With multi-factor authentication, you can!
In this article, we’ll walk through what multi-factor authentication (MFA) is, how it works, and how to start implementing it at your organization.
What Is Multi-Factor Authentication?
Not many folks are cracking open a beer with friends to gab about protecting their data from cyber attacks. It’s not a sexy topic, but it does impact each and every one of us every single day. A data breach could be devastating for any individual, company, or organization. It can cause expensive process delays, stir up frustration and fear among your clients, and leave a lasting impact on your business.
Multi-factor authentication is a security method that requires a user to prove their identity through multiple methods before access is granted. Approval methods fall into three categories:
- Something you know, like a username and password
- Something you have, like a cell phone, tablet, or USB
- Something you are, like a fingerprint, face scan, or retina scan
The extra barriers in place for multi-factor authentication have been proven to block out 99.9% of all incoming attacks, while also being more convenient for the end user.
Why Aren’t Passwords Enough?
First things first: passwords are very hard for humans to remember, and easy for computers to guess. There’s been so much expert advice on what makes a good password that we’ve become weary of password management as a whole.
Former National Institute of Standards and Technology manager Bill Burr regrets ever issuing a password standard in 2003 which required numbers, special characters, and a refreshed password every 90 days. The strategy of replacing a letter with a symbol (‘a’ with ‘@’ or ‘l’ with ‘!’) becomes an easily detected pattern when everyone uses the same system. Mandatory password resets seemed like a great idea too, until we all started adding ‘123’ and ‘!’ to the end of the current password when prompted. Those small, incremental changes make passwords easier to guess.
When each login is a potential security threat, an organization’s security is only as strong as its weakest password. Without multi-factor authentication, one easy-to-crack user password is all that stands between a malicious hacker and your organization’s data.
How Does Multi-Factor Authentication Work?
When multi-factor authentication is enabled, your users go through a two-step verification process to prove their identity upon logging in. Broadly speaking, your selected multi-factor authentication solution will send a request for approval to the user’s device in the form of a notification or text. Requiring approval on the device means that if someone else is trying to use your password, you’ll get an alert, deny the request on your phone or device, and shut down the login attempt. There are also options such as a USB drive you insert into your computer or a thumbprint scan for approval.
With MFA, even if an attacker manages to learn a user’s password, it is useless unless the attacker also possesses the additional authentication method. A laptop left unattended would normally be a major security threat. When biometric scans and an approval on a second device are required, only the account owner can get access. The easily cracked password is only the first step: the unknown login attempt stays locked out, and it also signals a potential security breach.
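The following Python example is added here and is not part of the original article. It applies the rule described above (access needs the password and the device approval) and flags sign-ins where the password was correct but the second factor failed, since that is the signal that a password has leaked. The event fields, user names, and addresses are constructed for illustration and do not follow any vendor's log schema.

```python
import json
from collections import defaultdict

# Constructed sign-in events; the field names are a hypothetical schema,
# not any vendor's log format. Addresses are documentation ranges.
SAMPLE_EVENTS = """
{"ts": "2020-06-30T09:00:01Z", "user": "alice", "password_ok": true, "mfa": "approved", "src": "203.0.113.10"}
{"ts": "2020-06-30T09:02:17Z", "user": "bob", "password_ok": false, "mfa": "not_sent", "src": "198.51.100.7"}
{"ts": "2020-06-30T09:02:40Z", "user": "bob", "password_ok": true, "mfa": "denied", "src": "198.51.100.7"}
{"ts": "2020-06-30T09:05:12Z", "user": "carol", "password_ok": true, "mfa": "timeout", "src": "192.0.2.44"}
{"ts": "2020-06-30T09:06:30Z", "user": "carol", "password_ok": true, "mfa": "approved", "src": "192.0.2.44"}
"""

def load_events(text):
    """Parse one JSON event per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def grant_access(event):
    """Access needs both factors: a correct password and an approved prompt."""
    return event["password_ok"] and event["mfa"] == "approved"

def triage(events):
    """Map user -> action for sign-ins where the password was right but MFA failed."""
    approved_from = defaultdict(set)
    for e in events:
        if grant_access(e):
            approved_from[e["user"]].add(e["src"])
    findings = {}
    for e in events:
        if not e["password_ok"] or e["mfa"] == "approved":
            continue  # wrong password, or a normal successful login
        if e["mfa"] == "denied":
            # The owner rejected the prompt: someone else knows the password.
            findings[e["user"]] = "reset_password"
        elif e["src"] not in approved_from[e["user"]]:
            # Unanswered prompt from a source the owner never approved from.
            findings.setdefault(e["user"], "review")
    return findings

if __name__ == "__main__":
    for user, action in triage(load_events(SAMPLE_EVENTS)).items():
        print(user, action)
```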
How Do I Implement Multi-Factor Authentication?
While multi-factor authentication is a straightforward user experience, it does require some setup. First, you need to decide what method you’ll use. You can use the Microsoft Authenticator App, conditional access policies, USB drives, or determine methods per user. It’s recommended that you pilot your selected multi-factor authentication method with a small group of users before implementing it organization-wide. Once you’ve worked out any kinks through your pilot, you can release it to all of your users.
Interested in implementing multi-factor authentication but don’t know where to start? We can help! Get in touch to plan your rollout today.
Originally published at https://regroove.ca on June 30, 2020.