Our step by step guide to MFA

According to IBM, 1 in 5 successful cyber breaches occur as a result of end-user credentials being stolen or misused.

The good news is, this is a simple door to close and you probably already have the tools you need to do so, in Multi-Factor Authentication.

What is Multi-Factor Authentication?

When we log in to an account or system, we often simply enter a username and password. Your company network is likely to be set up to allow you to authenticate your identity once and then freely access all the data and applications therein – effectively when you have unlocked the front door, you have ‘access all areas.’

The problem is, if your password is stolen, then suddenly hackers gain that same level of access, and can quickly move around the network to steal confidential and personal information.

Multi-Factor Authentication (often abbreviated to MFA, and sometimes 2FA) is a way of adding an extra step to prevent this from happening – it is effectively a second lock on the door.

You will probably have experienced MFA when using Internet Banking: When you login, after entering your username and password, there is another step to confirm that you are who you claim to be. This can be a text to your mobile, an automated phone call, or you may have an app that gives you a time-sensitive unique code.

 

Is Multi-Factor Authentication Difficult or Expensive to Implement?

The crazy thing is that most organisations have multi-factor authentication available to them already, they have just not implemented it. For example, if you are using Microsoft365, then you can download an “MS Authenticator” app for your smartphone, which enables you to add that second layer of protection to your account in seconds. You can then receive notifications from that app to confirm your identity. (If you are not using Microsoft, there are many other options out there from Google, Duo, and Okta to name a few).

Most business applications, including CRMs, accounting software, and web development tools support multi-factor authentication, and increasing numbers of tools implement it by default, so there really is no excuse for implementing a tool which the National Cyber Security Centre describes as “One of the most effective ways of providing additional protection to any password protected account.”

 

We’re Here to Help

As an IT support organisation, we are here to help. We would be more than happy to have one of our team explain more about multi-factor authentication or give you a tech-tip in a different area that is important to you. Simply reach out to us using the details at the top of the page

By Tom Fleming, Support Analyst