Multi-factor authentication provides individuals and businesses with another barrier of protection against security breaches caused by weak or easy-to-guess passwords.
A study by Verizon in 2022 showed that over 80% of cyber breaches happen due to weak or stolen passwords.
According to CyberEdge’s annual Cyberthreat Defence Report (CDR), approximately only half of companies currently use multi-factor authentication meaning that this is an area of vulnerability for many organisations.
While Multi-factor authentication is not new, it is often overlooked. In fact, a Microsoft study showed that multi-factor authentication (MFA), can prevent 99.9% of attacks on your accounts making it a key security consideration.
Many websites offer MFA via SMS or a third-party app, however, by installing MFA on your network you can ensure that all users are required to not only enter their password but also to authenticate in another way.
The types of multi-factor authentication vary but generally fall into the following categories:
- Something you know, such as a password or PIN.
- Something you have, such as a badge or smartphone.
- Something you are, such as a biometric like a fingerprint or voice recognition.
As with anything, each option has its own benefits and challenges.
Things you know such as a one-time password or pin can be easily guessed, just as first passwords can. Things you have such as smartphones and tokens can be lost creating a new barrier to entry. Biometric authentication is seen as one of the most reliable forms of MFA and also the hardest to compromise, however, they are not completely fool proof.
MFA enables a passwordless approach. In order to prevent passwords from being guessed or hacked, many organisations implement a password policy which requires users’ passwords to be changed regularly. While this helps with security it also often results in an increased need for support with more calls to the helpdesk from users who forget their password soon after having to change it.
Implementing MFA removes the need to require regular password changes and as a result the demand for support is reduced and time is saved.
In order to circumvent these potential issues, it’s important to understand how your team and organisation currently function. Which solution is best will depend on individual circumstances and preferences.
There are some considerations that need to be taken into account as you explore the options available to you with multi-factor authentication.
It is vital that the implementation of any kind of MFA solution does not create a barrier to work. For example, if you use a token to create a code and have a flexible working policy team members may not remember their token. While there are ways to access the account if this happens it is often time-consuming and may cause other issues.
Cost is another key consideration for those looking to improve security. While many companies feel that basic security is sufficient to protect them against threats and do not want to invest further, the cost that comes from a security incident extends beyond money.
Breaches can compromise secure data and put other companies at risk due to phishing emails sent from company addresses which can cause damage to your brand reputation.
If you do not have MFA set up, it is recommended that you implement this as soon as possible to provide you and your organisation with another barrier of protection against security breaches
If you would like assistance or more information or support on implementing multi-factor authentication please feel free to reach out by visiting Systemlabs or calling 08456 443 911.
SystemLabs is offering 3 months of FREE complete security licensing until the end of March 2023. The offer is open to those who take out a managed services contract. MSP contracts provide ongoing IT support and advice. You can view all support plans here.
Pictured: Alex Blackwell, SystemLabs COO, who oversees the cybersecurity offerings of the company
