During this month of Cybersecurity Awareness, we want to take a moment to discuss an essential aspect of our cybersecurity strategy—Multi-Factor Authentication (MFA).
What is Multi-Factor Authentication?
MFA adds a layer of protection by allowing access only after successful verification of factors from two or more different categories. These may include:
- Something You Know: This is usually a password or PIN.
- Something You Have: This could be a mobile device, smart card, or security token.
- Something You Are: This refers to biometric factors such as fingerprint, retina scan, or facial recognition.
By requiring multiple forms of authentication, MFA significantly enhances the security of our systems and data, making it far harder for unauthorized individuals to gain access, even if they manage to obtain one of the authentication factors. According to Microsoft, enabling MFA can block up to 99.9% of account compromise attempts. We encourage the use of MFA wherever possible on all work and personal accounts.
Why is MFA Important in Cybersecurity?
Passwords are no longer sufficient protection against cyberattacks, and some regulatory bodies require MFA under their data protection regulations. Using MFA is easier than you might think and boosts your cybersecurity by:
- Reducing the risk of compromised passwords
- Aiding Cybersecurity Liability Insurance compliance
- Working with Single Sign-On (SSO)
- Providing a customizable security solution tailored to your needs
MFA can be implemented with something as simple as text messages or phone calls that deliver codes. The Microsoft and Google Authenticator apps are free to use and can generate OTP (One-Time Password) codes every sixty seconds, or send push notifications, for multiple accounts. (Push notifications simply require a click-to-allow acknowledgement.) Push notifications must be used with caution because they often do not identify the account they are coming from.
Beware MFA Fatigue Attacks
Unfortunately, cybercriminals have learned to exploit weaknesses in MFA and launch MFA fatigue attacks, also called MFA spamming, in which repeated push prompts are sent until the user approves one. These attacks typically occur when users set up push approval as their preferred MFA method. Experts suggest using more complex multi-factor authentication methods to protect against these types of attacks. If you have accounts set up with push approvals, be an alert user: do not acknowledge prompts that you are not actively generating. If you think you know which account the prompts are coming from, it’s time to change that password, and know that you likely just thwarted a hack attempt. In a world where our digital lives are intertwined with convenience and connectivity, safeguarding our online presence has never been more crucial.
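For administrators, an MFA fatigue attempt also leaves a recognizable trail in authentication logs. The sketch below is an added example, not part of the original post; the log format (timestamp, `user=`, `result=`), the sample events and the thresholds are all assumptions made for illustration. It flags a burst of denied or timed-out push prompts and escalates when an approval follows the burst.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical log format (not from a real product).
SAMPLE_LOG = """\
2023-10-12T02:14:05Z user=alice result=denied
2023-10-12T02:14:40Z user=alice result=timeout
2023-10-12T02:15:10Z user=alice result=denied
2023-10-12T02:15:55Z user=alice result=timeout
2023-10-12T02:16:30Z user=alice result=approved
2023-10-12T09:01:00Z user=bob result=approved
2023-10-12T13:30:00Z user=bob result=denied
2023-10-12T17:45:00Z user=bob result=approved
"""

def parse(line):
    """Split one log line into (timestamp, user, result)."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), kv["user"], kv["result"]

def detect_push_fatigue(log_text, max_unapproved=3, window=timedelta(minutes=10)):
    """Return {user: severity} for users hit by a burst of unapproved push prompts.

    'medium': at least max_unapproved denied/timed-out prompts inside the window.
    'high':   an approval follows such a burst, so the user may have given in.
    Thresholds are illustrative assumptions; tune them to your environment.
    """
    recent = defaultdict(deque)   # user -> timestamps of unapproved prompts
    alerts = {}
    for line in filter(None, map(str.strip, log_text.splitlines())):
        ts, user, result = parse(line)
        q = recent[user]
        while q and ts - q[0] > window:
            q.popleft()           # forget prompts older than the window
        if result in ("denied", "timeout"):
            q.append(ts)
            if len(q) >= max_unapproved:
                alerts.setdefault(user, "medium")
        elif result == "approved":
            if len(q) >= max_unapproved:
                alerts[user] = "high"
            q.clear()             # an approval ends the current burst
    return alerts
```

A "high" result is the case to act on first: reset the password and review the session that the approval opened.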
According to Verizon’s 2023 Data Breach Investigations Report, 61% of all breaches involve credentials. Of those breaches, 50% are directly caused by stolen credentials, which takes us back to last week’s blog on why you need strong and unique passwords on every account.
If you have questions about Multi-Factor Authentication or how to enable it, contact us for help!
Stay vigilant, stay secure!