The 2017 Verizon Data Breach Investigations Report (DBIR) reported that the share of data breaches involving stolen or weak passwords had risen to 81%.
The simple password as a security measure is no longer good enough for the world we live in today. Once a password has been discovered by a malicious party, they can enter an account and do as they please. There are no backup checks. Your business data and future now lie in the hands of an attacker who appears to be an authorised user.
While password policies can be mandated, users just want to be able to remember their credentials to log in. Trying to recall a 20-character string of uppercase, lowercase, numeric and special characters is testing for even the best of us. This only gets worse when restrictions are added: you can’t use these characters, you can’t use a known word, you can’t even use a synonym of that word you used 3 years ago. Options become distinctly limited and users understandably become increasingly frustrated.
These reasons are why companies are turning to Multi-Factor Authentication (MFA) to up their security.
What is Multi-Factor Authentication?
In brief, Multi-Factor Authentication identifies an online user by validating two or more claims presented by the user, from different categories of validation.
The basic categories are:
- Something the user knows – password or PIN
- Something the user has – a known and trusted device
- Something the user is – biometrics, such as a fingerprint
The theory behind MFA is that the combined factors of validation are stronger than their individual parts. There is no single impenetrable authentication factor.
We’ve put together a handy illustration to explain more about the different categories within multi-factor authentication. You’re welcome to download the MFA poster and pin it on a noticeboard, email it to staff or use it as a part of a training talk.
What are the Benefits of Multi-Factor Authentication?
Aside from the obvious benefit of stronger security, as already discussed, MFA has a couple of other significant benefits that shouldn’t be forgotten.
If your business is subject to compliance regulations, you may find MFA is a way to satisfy various data protection criteria. Multi-Factor Authentication may or may not be named as a specific solution; however, it could be an efficient measure in many situations which need a strong authentication process, such as those involving sensitive personal information or financial data.
Simply initiating MFA isn’t always enough; you should always consider which methods you choose to combine. A combination of password and SMS may not be deemed secure enough for your use case, and adding fingerprint recognition may be required to meet security compliance.
Simplifying the Login Process
As mentioned at the beginning of the article, complex passwords are not user-friendly. Although Multi-Factor Authentication adds extra steps, it may actually make logging in easier.
Single sign-on is one way MFA can speed up the process. For example, a user of the Office suite will need to log in via MFA the first time they use an app on their device. From then on they will have instant access to all the apps covered by the single sign-on software, so all the Office apps in this example.
Multi-Factor Authentication can be set to allow or limit login access based on a user’s location. If employees use their own devices or frequently work outside the office, this puts the company data at risk from another angle: physical theft. MFA can be used to recognise when a user is seeking access from an unknown location and require an extra level of security to validate that this is a genuine login attempt.
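To make the "different categories" rule and the location check above concrete, here is an added example (not part of the original article or any vendor's product) of a login policy that counts distinct factor categories rather than methods. The method names, location labels and the rule that an unknown location needs a third category are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# The page's three categories. Method names are constructed for this example.
CATEGORY = {
    "password": "knows", "pin": "knows",
    "trusted_device": "has", "sms_code": "has",
    "fingerprint": "is",
}

@dataclass
class Policy:
    known_locations: set
    blocked_locations: set = field(default_factory=set)
    baseline: int = 2   # MFA: claims from at least two different categories
    step_up: int = 3    # assumption: an unknown location needs one category more

def categories(verified_methods):
    """Distinct categories covered by the methods that verified successfully."""
    unknown = sorted(m for m in verified_methods if m not in CATEGORY)
    if unknown:
        raise ValueError(f"unrecognised methods: {unknown}")
    return {CATEGORY[m] for m in verified_methods}

def decide(policy, verified_methods, location):
    """Return (decision, categories that could still be requested)."""
    if location in policy.blocked_locations:
        return "deny", []
    have = categories(verified_methods)
    need = policy.baseline if location in policy.known_locations else policy.step_up
    if len(have) >= need:
        return "allow", []
    return "step_up", sorted(set(CATEGORY.values()) - have)

if __name__ == "__main__":
    policy = Policy(known_locations={"head_office"}, blocked_locations={"embargoed"})
    attempts = [  # constructed sample logins
        (["password", "pin"], "head_office"),        # two methods, one category
        (["password", "sms_code"], "head_office"),
        (["password", "sms_code"], "hotel_wifi"),    # unknown location
        (["password", "sms_code", "fingerprint"], "hotel_wifi"),
        (["password", "fingerprint"], "embargoed"),
    ]
    for methods, place in attempts:
        print(methods, place, decide(policy, methods, place))
```

A password plus a PIN is two methods but one category, so the policy asks for a further factor even from a known location.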
The Threat of Data Breaches Isn’t Going Away
Cyber security has become the top priority for many organisations, with breaches constantly hitting the headlines. Multi-Factor Authentication is widely recognised as the most secure method for authenticating access to data and applications and the biggest challenge to potential attackers. Some applications are starting to build the feature into their offering, for example Office for Business, but there are many standalone options out there.
If you’d like to discuss implementing this security feature within your organisation please chat to us today.
The full 2017 Verizon DBIR can be accessed via this link: https://enterprise.verizon.com/resources/reports/dbir/