Multi-Factor Authentication (MFA)
Multi-factor authentication (MFA) is the process of needing more than one piece of information to log in to a secure website or service. In traditional systems, all you need to know to gain access to an IT system is a username and password, data that can easily be hacked or stolen.
MFA introduces a second component, often a PIN code that can only be generated by a mobile phone or an access token, meaning that for a malicious user to gain access to a system, they would need to steal not only your password information but also your mobile device – making it significantly harder for access.
MFA isn’t really new; we’ve been doing it at cashpoints for decades – to get money from your bank you have always needed both your password (your PIN) as well as the associated bank card. MFA is sometimes referred to as two-factor authentication, although MFA is becoming more popular as the more factors required, the higher the level of security and the more protection against cybercrime.
Why are organisations using MFA
Increasingly, more and more businesses are storing information in the cloud, Office365, SharePoint, Box, Google Drive etc are all fairly commonplace, and whilst previously users needed a VPN to access company data, access is now much more straight forward. Passwords are becoming weaker as time goes on and this had lead to breaches a people use similar and familiar passwords.
With the use of MFA there is a significant decrease with the amount of cybercrime that is happening within the organisation. By adding this extra layer of protection will protect your firm as adding additional authentication measures cybercriminals (even when they have the right password) cannot get past the extra levels of security.
What to consider when implementing MFA
Needs analysis
Its vital organisations understand the way all users work and access data prior to choosing a multi-factor authentication method. Understanding what devices are being used and by who will help make sure all bases are covered and protected.
Back up plan
Your MFA solution should be factored into your business continuity plan. For example, what if a user loses his or her phone or token? Is there a way for users to gain emergency access?
Time and resources
MFA implementation takes planning and training because you need to ensure you have not only researched the needs of the organisation but also the most appropriate solution for your organisation and how best to roll this out. It’s important to test your chosen solution with a selection of users before rolling out to your wider organisation, to ensure that everyone can continue to access files without too much inconvenience.
User training and adoption
User training is important to ensure users understand the new way of working and do not have a negative experience when using MFA. This can be difficult to manage as passwords are still present and now in addition to managing these, users have to manage the extra security measures. But by explaining the importance behind the additional security measures, cybersecurity awareness across the organisation will also increase.
Would you like more information on MFA?
How can we help you?
We’d love to talk to you about your specific cybersecurity needs, and we’d be happy to offer a no-obligation assessment of your current IT arrangements, we’re here to help.
For more information on MFA and security solutions.