Gone are the days when just a password could protect your organization’s account. In today’s world, passwords are much easier to crack, especially when the most popular password in the U.S. continues to be “123456”. Even complex passwords are not enough to thwart hackers desperately trying to access your accounts. The number of external attacks increases every year.
Microsoft’s recently released cybersecurity report Cyber Signals stated that the company blocked more than 25.6 billion attempts to break into accounts of enterprise customers in 2021. Unfortunately, the report also stated that just 22% of Azure Active Directory customers have enabled MFA on their accounts. Microsoft Corporate Vice President of Security, Compliance and Identity called these daunting statistics “a dangerous mismatch because the attacks are increasing, but the preparation is not there yet”. We need an extra layer of defense to protect our information: multi-factor authentication (MFA). MFA (also known as 2FA or two-factor authentication) is one of the most important security controls your organization can implement. It adds a second layer of protection in securing your online accounts.
The Cybersecurity and Infrastructure Security Agency (CISA) recently started a campaign called “More Than a Password” urging private sector organizations to help raise public awareness about using MFA. This is especially critical now, as CISA issued a “Shields up” warning in February about Russian cyberattacks due to the war in Ukraine. MFA is vital in protecting your business. Think of MFA as an invisible bubble that can protect your organization’s data. According to Microsoft, users who enable MFA are 99% less likely to get hacked. This is because MFA uses two forms of authentication (instead of just one), so even if one form is compromised, unauthorized users will still be unable to meet the second authentication requirement, ultimately stopping them from gaining access to your accounts.
There are three main methods of authentication that can be used for MFA (at least two are selected depending on the service/application):
- Something you know – Certain information known only to the user, such as a password or a PIN.
- Something you have – An object the user has in their possession that can be physical or virtual. Physical objects could include security tokens, keys or smart cards. More common are virtual objects such as authentication apps (e.g., Microsoft Authenticator, Okta, Duo), or email or SMS messages that include a one-time PIN.
- Something you are – This includes biometric authentication such as a fingerprint scanner, voice or facial recognition.
Most websites and applications offer MFA free of charge to encourage better cybersecurity hygiene. In some cases, your organization may have to turn on the MFA requirement in the application settings, but setup is generally very quick and inexpensive (depending on where and how MFA is being implemented). CISA recommends not only implementing MFA for your work life, but also for your personal life. MFA can be enabled on your social media accounts, your bank accounts, email accounts, etc. It is especially important when accessing sensitive information such as bank information, Social Security numbers, health care information, etc. Passwords won’t save you anymore, but multifactor authentication will.
Learn more about the benefits of multifactor authentication along with other IT Security Best Practices by contacting OCD Tech.