Since ancient times, we've used "secret passwords" to guard our information and confirm who we can trust.
With modern technology, nearly all our tools are accessed by a username and password. But technology has also enabled attackers to guess our passwords with ever-increasing ease.
Enter MFA. Multi-Factor Authentication (otherwise called 2FA, or 2-Factor Authentication) has become a must-have tool for securing your technology and accounts. If you or your business have been waiting, now is the time to make the switch.
Quick Primer: What is Multi-Factor Authentication?
- Multi-Factor Authentication requires that the user present two different types of authentication to confirm their identity.
- In addition to a password, you must either use something you have (smartphone app, phone call, USB key) or something you are (fingerprint, facial recognition).
- Often you can mark a device as "trusted," so you only need to authorize that computer once.
Four Reasons Why Now Is the Time for Multi-Factor Authentication:
1. Multi-Factor Authentication Really Works
Adding Multi-Factor Authentication to your accounts helps protect against many of the biggest threats to your data:
- Phishing Attacks: Even tech-savvy users can be duped into typing their password into a legit-looking window, giving the attackers sensitive passwords.
- Password Reuse: Despite all security warnings, many users use the same password for multiple accounts. Without Multi-Factor Authentication, a single compromised password might give an attacker access to multiple business and social media accounts.
- Brute-Force Attacks: A computer across the world can guess thousands of passwords per second and have lists of the most commonly-used passwords. Multi-Factor Authentication ensures that even a lucky guess isn't enough to access your account.
Google's security blog reports that Multi-Factor Authentication, when implemented well, "can block up to 100% of automated bots, 99% of bulk phishing attacks and 66% of targeted attacks."
2. Many of Your Accounts Are Exposed to the Internet
Businesses have enjoyed a surge in cloud-hosted offerings and remote-access tools, allowing users to connect from anywhere. But if a password is the only gate between and your account, it's a ripe target for hackers.
Just remember: if you (or your vendors, or your IT staff) can access critical information with only a password, so can an attacker!
3. Hacked Accounts Are Costly, in More Ways Than You Think
Many businesses are rightly concerned about threats from ransomeware and data loss. But there are other costs, which many don't realize until it's too late:
- Reputation: If a hacked mailbox is sending spam to your clients and partners, what will they think of trusting you with their business?
- Critical Infrastructure: Your business may be relying on more accounts than you realize. If your internet registrar login is compromised (like GoDaddy or Network Solutions), an attacker can re-route incoming email and web traffic to their own servers, potentially impacting all your site's visitors.
- Cleanup: Even after an incident has been resolved, more work is needed to ensure things are secure. For example, a hacked email account will often have forwarding rules to send certain emails to the hacker. These can be removed, but this takes time and expertise.
4. Enabling Multi-Factor Authentication Has Never Been Easier
Many popular platforms have enabled Multi-Factor Authentication for its users for free. Google, Microsoft and Amazon now include free MFA integration via a smartphone app. Microsoft recently announced that MFA in Office 365, once requiring a paid security feature, would now be free using the Microsoft Authenticator app.
Even in complex business environments, products like Watchguard Authpoint and Duo Security allow you to bring Multi-Factor Authentication to your business applications and remote-access tools.
Solutions like this save businesses time, money and headaches. Solutions like this are our business. Our IT Solutions Group exists to help organizations navigate their IT needs with industry-leading expertise and real solutions.
Contact Loffler's IT Solutions Group
Read More: Phishing Emails: Three Tactics to Defend Against These and Other Scams
Jon is a Network Engineer in the IT Services Group at Loffler. He has worked in IT for 21 years, focusing on server configuration and network security. Lately, his focus has been helping clients move to Microsoft’s Azure cloud. In his free time, Jon collects far too many musical instruments and tries to find time to play them all.