As Managed Security and Support providers, we have guided many people over the phone this year to set up multi-factor authentication for their different online accounts. I have found the classic scenario many times now, where the client is sick of setting up, creating passwords, checking for an SMS authentication number and so on. It can take a maximum of 10 minutes real time to protect your account with multi-factor authentication. When you compare those 10 minutes to months and months of painful recuperation after a data breach, you begin to appreciate the value of that initial 10 minute investment. True, multi-factor authentication is not the solution to every cybercrime, but it does give you an important additional level of online security.
We don’t really think about it, but we have been using MFA and 2FA for decades now, and we haven’t complained. Think of “Please enter your PIN code” at the supermarket till, “please help me with the city where you first met your husband” when you speak to someone over the phone about your bank account, and the everyday 4-digit PIN to get some money from the hole in the wall. These take seconds out of your day and go a long way to protecting your money, your data and even your identity. The next stage has included messages to your mobile phone, codes through an app on your phone, or digitally programmed USB keys that allow you to log in to your device and your accounts.
One definition explains it this way: ‘a method of authentication that uses two or more authentication factors to authenticate a single claimant to a single authentication verifier’. This is especially important on your network, banking websites and even social media.
It adds an additional layer of protection to ensure that even if your password has been stolen or compromised, your data stays protected, via your multi-factor authentication method. For example, if you have set up MFA on your Google account, you suddenly get a message through on your mobile phone asking: Are you logging in to a certain device with your Google account?
If it is not you, then it must be someone else trying to hack or falsely log into your account on another device. As you click “no” on your mobile screen, that person will automatically be blocked from logging in. If you add into the equation the fact that literally millions of people have no password security culture whatsoever, then 2 factor authentication becomes vital.
That is just one example of 2FA, a confirmation message on your mobile. You could also choose to use physical tokens, that banks across the world have been using since the dawn of computers, or the more recent USB security keys that you must insert into your device along with your password to gain access. Both of these external, physical devices do carry an additional cost for the hardware, but are solid security devices for busy offices, where an unwanted person could easily try and gain access to your PC.
Mobile devices now come equipped with multiple MFA options. Facial recognition (not great when you first wake up in the morning or during the night!) and fingerprints (always simple unless you are baking or fixing your car) are practical MFA solutions for your peace of mind.
There are also many 2FA apps available that offer a constantly changing passcode on your mobile device that is linked to your account login, and you only have a certain time window to type in the current correct code given through the app. These apps are free and easy to set up. Google Authenticator and Authy are examples that you might choose to try.
Multi-factor authentication (MFA) is an authentication method in which a computer user is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something that only you know, like an answer to a personal security question), possession (something that only you have: your mobile, your Yubico key, your Google Titan Key), and personalisation (something that you are, such as your biometrics: fingerprints, facial scans).
MFA is especially important in industries and specific departments where data protection is of extreme importance: Legal, Medical, Personal and Financial information are “key” examples. We will consider these specific areas in more depth in a future blog.
No doubt you will consider important factors such as business security, practical usage for your team and, of course, cost-effective solutions that suit your IT landscape. Your Cloud Works is available for consultations regarding MFA and 2FA, and looks forward to discussing your business requirements with you.
You can visit our website at www.youcloudworks.com or give us a call on 01908 410261 if you would like to discuss your Cybersecurity further.