Why Your Organization Needs Multi-Factor Authentication
There's a good reason why everyone is using multi-factor authentication (MFA) as part of their security infrastructure: it has one of the best bang-for-buck ratios of any security control or technology that exists. Today's business owners are very concerned about protecting their information, assets and reputation from external and internal threats. Let's take a high-level look at what multi-factor brings to your business.
What's the Value of MFA? Why should I care?
With time, any password can be guessed, decrypted or otherwise obtained. With multi-factor authentication you're better protected, for example, when you fall for a phishing attack or someone finds that post-it note under your keyboard. MFA buys you the time to notify your IT staff and change your password, because the attacker likely doesn't have access to the additional authentication factor: your smartphone, fingerprint, or smart card. Criminal organizations often target systems that only require a username and password. In internet banking, for example, we've seen crooks create and transmit wire transfers and bill payments immediately after gaining access. You're not likely to get the money back once it's been sent outside the USA.
Multi-factor authentication helps establish due care and increases accountability, which demonstrates that as a business owner or leader, you take reasonable measures to ensure that your business, employees, and customers are protected. This is an often overlooked aspect of liability, and one of the first things insurers will examine when you file a claim after you are breached, sued, or experience a loss from a security incident.
Multi-factor enables operational efficiency and a more flexible workplace for your team. Many solutions include capabilities for self-driven password reset, so staff can manage their own accounts and get back to work quickly instead of waiting for the Help Desk to unlock them. In addition, multi-factor solutions are designed to work with a wide variety of VPN technologies, providing remote access to your organization's internal resources. Work from home? Flood or pandemic? Mobile sales team? No problem!
Okay. So, what is Multi-Factor Authentication?
Multi-factor authentication is a more secure process for proving your identity to a system before you're authorized for access. There are three types of factors that everything gets lumped under: something you know, something you have, and something you are. Let's look at a couple of common examples:
Type 1: Something you Know
Username (Use a convention that's not easily guessed!)
Password (Use a policy for password and account lockout requirements!)
Facts about an individual (Mother's maiden name, birthday, etc.)
Type 2: Something you Have
Smartphone App (To generate one-time codes or approve Push Authentication notifications)
Smart Card
USB or Key Fob (Generates one-time codes, like a YubiKey or RSA token)
Type 3: Something you Are
Fingerprint (USB and built-in scanners)
Facial Recognition
Iris Scan (Costly and slower than other options, and includes some privacy concerns related to health conditions, but much tougher to fool)
How it works
Most multi-factor authentication solutions require two factors. You generally see either a combination of something you know and something you have, or something you know and something you are. Let's look at some common examples:
Scenario 1: Something you know, and something you have
John fires up his computer and is presented with a login prompt, asking for his username and password.
John enters both successfully.
The system then asks John to enter a passcode.
The system also sends a push notification to John's smartphone authenticator app.
John approves the login request on the authenticator app, and is granted access to the system.
Scenario 2: Something you know, and something you are
Sally fires up her computer and is presented with a login prompt, asking for her username and password.
Sally enters both successfully.
The system then asks Sally to scan her fingerprint.
Sally scans her fingerprint successfully and is granted access to the system.
Pretty simple, right? Implementing a multi-factor authentication system requires some effort and expertise, but once it's up and running it's fairly low maintenance, especially when your users can reset their own accounts.