During the COVID-19 pandemic, there have been massive changes in the way we work, travel and we relate to one another.

All these changes impacted every single business in the world and for this reason, IT departments were challenged. Adoption of new technologies and transformations were suddenly necessary, as a way to provide more flexible and safe platforms for the business.

Remote working wheeled out a term that wasn’t quite familiar for all companies, despite this technology is been used for decades. The concept of MFA (which stands for Multi-Factor Authentication) began to be more popular during pandemic times, as there was an increasing demand to implement more effective measures in opposition to growing cyber threats.

Based on the Cyber Security Breaches Survey 2020 provided by the UK government, almost half of businesses (46%) and a quarter of charities (26%) report having cyber security breaches or attacks in the last 12 months. Like previous years, this is higher among medium businesses (68%), large businesses (75%) and high-income charities (57%).

Among the 46 per cent of businesses that identify breaches or attacks, one in five (19%) have experienced a material outcome, losing money or data. Two in five (39%) were negatively impacted, for example requiring new measures, having staff time diverted or causing wider business disruption. Similarly, among the 26 per cent of charities reporting breaches or attacks, a quarter (25%) had material outcomes and over half (56%) were negatively impacted.

What is MFA?

MFA is an authentication method, that requires the user to provide two or more verification factors for getting access to a resource, such as an application, online account, or remote networks (VPN).

Sometimes known as two-step verification or two-factor authentication (2FA), MFA protects the user from an unknown person trying to access their data, personal ID details or financial assets, for example.

Where remote working is the work-way for many, it becomes important for organizations to focus on security, as usernames and passwords can be vulnerable to cyber-attacks and can be stolen.

Adding an extra layer of protection, is now almost mandatory for any organization.

How MFA works?

Multi factor authentication, requires to users to identify themselves by more than a username and password, enforcing the adoption of an extra factor, which is usually provided by an application, service, or by using a physical hardware key.

The MFA methods

In general, multi factor authentication methodology is based on one of three types, although there can be a mixed of them for extra security:

  • Things you know (knowledge): passcode or PIN for example, or answers to personal security questions, as these are knowledge-based factors.
  • Things you have (possession): such as a badge or smartphone, where you can receive the extra factor for authentication, like OTPs, which re visible from apps, text messages or even by email.
  • Things you are (inherence), biometric like fingerprints or voice recognition.  Inherence factors can be one of the most secure ways for companies to safeguard data and resources.

There exist other types of MFA methods, such as the location-based, or the adaptative authentication method. However, the main methods mentioned above are more traditional across companies these days.

MFA is everywhere

With a growing cloud computing across the world, multi factor authentication has become a must have for any organization. As companies have started to move their systems and infrastructures services to the cloud, they can no longer rely upon a user being physically on the same network, so this extra layer of security must be deployed as part of the login process itself.

MFA Implementation

Several popular web services and cloud solutions employ multi-factor authentication, usually as an optional feature that is deactivated by default. However, many multi factor authentication products require organizations to deploy a client software to make it works.

In order to make the authentication process more secure, organizations can implement this superb extra security layer by choosing one of the following techniques:

  • Time-based One-Time Password (TOTP)
  • Short Message Service (SMS)
  • Electronic Mail (Email)
  • Push Notifications

As a result, the multi factor authentication process will help to ensure that users are who they say they are, by prompting for additional information, that is more difficult for hackers to imitate or use brute force methods to crack.

Summary

Compromised passwords are one of the most common ways that hackers can get at the company’s data, identities, or money. Using multi-factor authentication, sometimes known as two step verification, is one of the easiest ways to make it a lot harder for them.

If your organisation is missing this important security layer, please contact us as soon as possible.