Multi-Factor Authentication – The Security Defense Ninja
Have your business or user accounts been the victim of online threats? Then Multi-Factor Authentication (MFA) is a simple yet effective method of eliminating around 90% of the online attacks your business will encounter.
In recent years there have been reports citing increasing numbers of hacking incidents, many of which are due to password negligence coupled with poor security practices. These incidents have put an added spotlight on security and show that usernames and passwords alone are no longer sufficient. Properly configured MFA can completely remove the threat of a data breach resulting from a compromised password.
Typically, the average user reuses the same old trusty password for everything. This trend highlighted how insecure passwords were, and companies began requiring users to adopt multiple passwords with higher complexity. However, no matter how complex your passwords are, there is always the threat of a brute-force or password-spray attack cracking them, not to mention phishing emails attempting to steal your credentials, or a data breach at a company your details are registered with. Just like that, before you know it, your details could be for sale on the dark web. This is where MFA comes to the rescue!
What is Multifactor Authentication?
Multi-Factor Authentication (MFA) is a form of security authentication that requires a user to present two or more authentication factors. In order for the authentication process to be completed, each factor must be successfully validated.
Your password is the first factor: it is something you (the user) know. The second factor must be something unique that you have or something that you are, for example a code or a biometric (such as your fingerprint or a Face ID scan). This means that even if your password is compromised and falls into the hands of an attacker, they cannot get into your account without the second "something", which is not easy for anyone to get hold of, let alone a hacker who is more than likely sitting halfway across the world.
There are a few options available for organizations to choose from when deciding the second factor with which users authenticate. The user can acknowledge a phone call or SMS text message, or enter a code generated by the Microsoft Authenticator app installed on the user's mobile device. The second factor is required in addition to the username and password; the user is granted access to resources only after both methods of authentication succeed.
Food for thought
SMS MFA is not the safest method your business should rely on. While it is better than leaving MFA turned off, there is a real chance that hackers can intercept SMS messages with relative ease, due to an aging global phone-routing system and the possibility of SIM-swap attacks. In today's revolutionary world, we need to be on top of the most secure methods being implemented.
The latest and more secure version of MFA sends an approval notification to the authenticator app on your mobile device, which allows you to simply tap 'approve' or 'deny' for the request; once approved, you are granted access.
How can MFA benefit my business?
When deciding whether to enforce MFA in your organization, it does not matter whether you work for a small business or a global corporation, as hackers usually attack accounts indiscriminately. Once MFA is configured, however, the vast majority of these attacks are unlikely to amount to anything. MFA improves the protection of organizational resources through:
- Strengthened security: the most obvious benefit of MFA is that it adds an additional layer of security, where each factor compensates for potential weaknesses of the other. For instance, if a password is compromised through a brute-force attack, the second factor creates a roadblock that prevents a breach, since not all the factors the system requires are available to the attacker.
- Compliance: MFA is a step towards compliance. Aside from encryption of data, many compliance standards specify that organizations implement MFA under certain conditions; this is especially true when it comes to protecting sensitive data such as personally identifiable information (PII) and financial details.
Let’s wrap it up
It is crucial that your employees are educated on the importance of MFA; a data breach poses a threat to the company’s reputation, and the fallout could result in company funds or key client data being stolen. A single compromised Microsoft 365 user account gives an attacker the keys to your palace. When it comes to security, every employee must play a part—not just IT.
So, readers, if your business is using Microsoft 365, do not delay any further: you need to roll out MFA now.
Most Microsoft 365 plans include MFA, and it can protect you from 90% of the attacks on your accounts, attacks that are ultimately inevitable. This is the absolute minimum a business should be doing to improve its security posture.
Note that the default deployment of MFA prompts you whether you are working remotely or at the office. However, you can further configure Conditional Access (by paying for an Azure AD Premium P1 license if it is not already included in your subscription). Conditional Access provides the option to add trusted locations to your MFA setup. A trusted location (or IP address) means you can essentially exempt the office from having to respond to MFA prompts, as users in the office sit behind the corporate firewall and access the internet from a protected zone; only employees working remotely (from untrusted IP addresses) would have to respond to the prompts.
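The trusted-location setup described above, as an added example that is not code from the original post: it builds the two Conditional Access objects (a trusted named location for the office and a policy requiring MFA everywhere except trusted locations) in the shape the Microsoft Graph v1.0 conditionalAccess API expects, and includes a local check of which sign-ins the policy would prompt. The office CIDR, display names and bearer token are placeholders you supply; the policy is created in report-only state so you can review the sign-in logs before enforcing it.

```python
import ipaddress
import json
import urllib.request

GRAPH = "https://graph.microsoft.com/v1.0/identity/conditionalAccess"


def trusted_office_location(name: str, cidrs: list[str]) -> dict:
    """Named location flagged as trusted; sign-ins from these ranges skip MFA."""
    ranges = []
    for c in cidrs:
        v = ipaddress.ip_network(c, strict=False).version
        ranges.append({"@odata.type": f"#microsoft.graph.iPv{v}CidrRange",
                       "cidrAddress": c})
    return {"@odata.type": "#microsoft.graph.ipNamedLocation",
            "displayName": name, "isTrusted": True, "ipRanges": ranges}


def mfa_except_trusted_policy(name: str) -> dict:
    """Require MFA for all users on all apps, except from trusted locations.

    Created in report-only state so the sign-in logs show who would have been
    prompted before the policy is switched to "enabled".
    """
    return {
        "displayName": name,
        "state": "enabledForReportingButNotEnforced",
        "conditions": {
            "users": {"includeUsers": ["All"]},
            "applications": {"includeApplications": ["All"]},
            "locations": {"includeLocations": ["All"],
                          "excludeLocations": ["AllTrusted"]},
        },
        "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
    }


def mfa_prompt_expected(client_ip: str, locations: list[dict]) -> bool:
    """Local model of the policy above: prompt unless the IP is in a trusted range."""
    ip = ipaddress.ip_address(client_ip)
    for loc in locations:
        if not loc.get("isTrusted"):
            continue
        for r in loc["ipRanges"]:
            if ip in ipaddress.ip_network(r["cidrAddress"], strict=False):
                return False
    return True


def create(token: str, path: str, body: dict) -> dict:
    """POST a named location ("/namedLocations") or policy ("/policies") to Graph."""
    req = urllib.request.Request(
        f"{GRAPH}{path}", data=json.dumps(body).encode(),
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:  # needs Policy.ReadWrite.ConditionalAccess
        return json.load(resp)
```

Create the named location first, then the policy; `mfa_prompt_expected` lets you sanity-check your CIDR list (e.g. the office egress address versus a home address) before anything reaches the tenant.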
Check out our Conditional Access Blog to learn about this great companion to MFA!