How Multi Factor Authentication (MFA) Works and Why It’s Important For Your Business
It doesn’t matter how strong you make your passwords. If they are your only protection against unauthorized system access, you’re one employee falling for a phishing e-mail away from a full breach. And according to a recent IBM report, stolen user credentials are the single most common root cause of data breaches. For this reason, Multi Factor Authentication has quickly become an industry standard for cybersecurity. In fact, many reputable organizations, including banks, healthcare providers, and government agencies, now require it. But what is MFA, and how does it work?
Let’s explore:
What is Multi Factor Authentication?
Multi-Factor Authentication (MFA) is an essential security measure that provides account users additional security against unauthorized access by requiring user authentication beyond the typical username and password. With MFA, a user must verify the user’s identity with two or more of the following types of authentication methods:
- Something the user knows, such as an authentication code or a password
- Something the user has, such as security tokens (aka security keys via USB) or mobile device
- Something the user is, such as a fingerprint or facial recognition
By requiring any number of these extra authentication factors, your password is no longer the last line of defense against unauthorized access to your sensitive data. Even if a hacker was to obtain your password, they would not have your fingerprints to gain access to your phone, preventing them from being able to breach your account.
If you have ever been sent an authorization code to enter after inputting your password, you have used multi-factor authentication.
Two Factor Authentication (2FA) vs. Multi Factor Authentication (MFA)
You might have heard the term Two Factor Authentication rather than MFA. So what is the difference between 2FA and MFA?
Two Factor Authentication requires users to provide exactly two of the previously mentioned authentication methods. Thus, the name “Two-Factor Authentication.”
MFA requires two or multiple authentication factors, so, technically, Two Factor Authentication is a form of Multi Factor Authentication since requiring two factors is still considered a form of “Multi-Factor” authentication. However, the reverse is not true since requiring three factors would be considered Multi Factor Authentication but not Two Factor Authentication.
So is one more secure than the other? As a general rule, requiring more authentication factors will always be more secure than requiring less.
Why is Multi Factor Authentication Important?
A recent PCMag poll revealed that roughly 70% of people use the same password across different sites and accounts. Without MFA, if one of your employees decides to reuse even one work password for a vulnerable personal account, all your sensitive company data is suddenly in jeopardy. With MFA, however, you introduce an added layer of security in your authentication process that makes it significantly harder for malicious actors or unauthorized personnel to gain access to confidential data, accounts, or systems.
Phishing attacks, social engineering, and credential stuffing; hackers are constantly inventing new ways to steal or get users to grant access to their passwords. This is why organizations implementing MFA are significantly less likely to become victims of cyberattacks than those that don’t. How much less?
According to data from Microsoft, using MFA could potentially block 99.9% of account attacks. That’s an eye-opening statistic that should drive you to action if you are a business leader who still has not implemented MFA throughout your organization.
When Should You Use Multi Factor Authentication?
This is pretty straightforward. If any system you use contains critical or sensitive data, you should be using at least Two Factor Authentication on all accounts associated with it.
At RTS, we consider MFA one of the most essential basic security measures a company can implement. If you store critical data on any platform, and that platform does not offer at least Two Factor Authentication, we suggest moving on and replacing that vendor with one that does.
How Do You Set Up MFA?
This will depend on the platform you are using. Many major vendors, such as Google, Microsoft, and Amazon, offer MFA in their security settings menus. The most common methods for setting up MFA use QR codes, e-mails and texts with codes, or proprietary authentication apps (Google Authenticator, Microsoft Authenticator). Simply following the instructions provided by your vendor should be sufficient to add MFA to these systems.
You can also purchase products that allow you to add MFA to your internal networks. Some of these services are Passly and Duo.
If you have questions about setting up MFA, it’s best to consult your vendor and ask for instructions. If you are a business working with a managed service provider (MSP), they can assist you in finding the most appropriate solutions to streamline setup and implementation across all your systems and accounts.
How Much Does MFA Cost?
Multi-Factor Authentication solutions come with varying costs depending on the factors involved, such as the size of your company, the complexity of the implementation, and the level of support and maintenance needed.
Many top vendors (Google, Microsoft) offer basic Two Factor Authentication protections for personal accounts for free. However, businesses looking for a more in-depth solution for their internal accounts will need to use one of the previously mentioned services. Some of these offer freeware versions (such as Duo Free), but any free Multi Factor Authentication solution will have limitations.
Generally speaking, hardware-based solutions are more expensive compared to software-based solutions. For instance, tokens and smart cards containing chips are hardware-based solutions that require additional costs to purchase and maintain.
Software-based solutions such as biometric authentication and one-time passwords require little or no additional cost as they use users’ existing devices.
Regardless of your chosen implementation, the costs of introducing Multi-Factor Authentication solutions to your business are dwarfed by the potential financial losses arising from any cyberattack and data breach.
What is Managed Multi Factor Authentication?
Managed MFA is when MFA solutions are overseen by a third party, typically an MSP.
Because some Multi Factor Authentication requires a bit of setup, implementation, and training, it will inevitably add some complexity to your day-to-day operations. So, additional oversight and maintenance will most certainly be required. Employees will change mobile devices or lose them. MFA software will need to be frequently updated. Major vendors such as Microsoft can also reset MFA tokens if they deem an authorized user to be at risk. For this reason, many companies choose to partner with an MSP who can provide expert-level guidance and management to ensure that your MFA implementation is properly tailored to fit your specific needs.
In short, managed Multi Factor Authentication allows you to outsource the hassle of MFA and assists your organization in finding the most efficient and safest method of implementation.
Can MFA be hacked?
The short answer is: yes.
Any security method, no matter how complex, can be hacked. But every additional layer of authentication factor you introduce provides more security.
Any form of Multi Factor Authentication will help reduce the probability of being the victim of a cyberattack. However, expert best practices can help optimize MFA to significantly decrease your chances of being breached.
If you want to discover more methods to make your business as secure as possible or just have questions about how to best incorporate Multi Factor Authentication into your current operation, don’t hesitate to contact me at lenny@reliabletechnology.co.