What’s safer than a front door with one lock on it?
If you answered “a front door with two locks on it” (with that inflection exactly), you either a) understand and appreciate the value of multilayered security, b) have heard too many jokes, or c) both. Regardless, you’re spot-on.
Nearly every front door in America has a lock on the handle, and a deadbolt above it. So if the handle lock breaks, or if a burglar finds the key you haphazardly slipped into an egregiously fake rock on your porch, they’ll still have a hard time getting into your home.
Multi-factor authentication (MFA) uses the same concept to keep your company’s data as secure as possible. Which is critical, considering the fact that your business has boatloads of valuable data that has cybercriminals licking their chops on an hourly basis.
Imagine for a moment that your home, with your family and valued possessions, has as many doors as you do employees, and that each employee holds the key to his or her own door. Are you willing to just trust that they’re all handling their keys as responsibly as they’re supposed to? Or are you going to put some other safety measures in place?
If you chose the latter, MFA is for you. Here’s a rundown of what the term means, and how it could end up protecting your business.
What is multi-factor authentication?
In simple terms, MFA is any authentication process that requires more than one method of verification before granting access to a digital resource.
You almost certainly use MFA on a weekly basis, even if you’ve never thought of it in these terms before. One low-hanging-fruit example of MFA is being forced to enter your zip code at the gas station after you’ve inserted your credit card.
Having the credit card in your possession in and of itself is a method of verification; your bank gave it to you personally, after all. But just in case someone else got their hands on it, the machine asks you to enter an extra piece of information that a random credit card thief isn’t likely to know.
Is multi-factor authentication the same thing as two-factor authentication?
The concept is the same, certainly, but there’s a slight nuance between the two phrases. The term two-factor authentication (2FA) predates MFA, and was coined to describe an authentication process with two steps. MFA describes a process with two or more steps.
So 2FA is a category of MFA, but the latter term came in response to the development of processes that used even more methods of verification.
What are the different multi-factor authentication methods?
There are hundreds of MFA methods, but experts generally agree that the vast majority of them fall under three different categories.
Knowledge, or what you know.
With this method, the user proves they are worthy of gaining access to resources because they know a secret. Some of the more obvious examples of this include passwords and PINs.
Another example would be those invasive security questions, when the program asks the name of your first pet that you still miss.
Possession, or what you have.
By having possession of a physical item given to them, users can prove they were given permission to access information, funds, or a physical space. The credit card from the example above falls under this category, as does an ID badge.
Even possession of your smartphone can serve as an authentication method, such as when you access your credit line with Apple Pay.
Inherence, or who you are.
This method is the strongest, because you have to literally be you in order to get cleared. The inherence category is almost exclusively composed of biometric identification factors, such as fingerprints, facial recognition, and voice recognition.
An older (and much worse) version of this is your signature.
Fighting the security risks of a remote world.
Because the workforce has shifted dramatically toward working from home over the past year (and seems unlikely to shift back), keeping your data secure is no longer as simple as having a strong network security key and making sure certain hardware never leaves the office.
While MFA isn’t necessarily foolproof, the point is that it multiplies the strength of your security. Criminals who had a chance of cracking your employee’s login password now have less of a chance at gaining access to your network if you add a second layer to the process.
That’s particularly important for remote work, since it’s much harder to implement (and enforce) strict security protocols outside the boundaries of your office. You can suffer costs associated with data loss from a single breach if your employee logs onto an unsecure connection in a coffee shop, or has their laptop stolen.
Whether your employees are onsite or at the park, MFA can help protect you from several common types of cyberattacks, including…
- phishing, spear phishing, and whaling attacks.
- keylogger attacks.
- credential stuffing.
- brute force attacks.
- man-in-the-middle attacks.
- breaches of stolen physical devices.
How Much Risk Are You Comfortable With?
Like science or medicine, cybercrime has evolved rapidly over the past decade. The more your business grows, the bigger target it will become, and your company’s data is only as secure as the practices of your least responsible employee.
Marco offers security-focused managed IT services to help your business. If the security of your information and intellectual property is important to you, get in touch with us today.