It's Saturday afternoon. You're at the grocery store, standing in line at the check out as you typically do. The friendly cashier asks you to slide your debit card in the point-of-sale system. Chip or slide. You chose the chip option, and then you punch in your pin number. The transaction was approved.
Later, you go home and log into your investment account online. You forgot your password (sigh!), so you click the password recovery button. It prompts you to enter your user name and answer a security question: "What was the name of your first pet?" Fluffy.
Then, you receive a code to your cell phone: 68902. You enter the code, and, voila, you can renew your password.
Sound familiar? These scenarios are examples of multi-factor authentication, or MFA for short. It's an essential extra step, making it harder to get unauthorized access.
Continue reading to see the fourth article in our 11-part blog series in support of our guide, Foresight 2020: Top 11 Cybersecurity Actions Every Company Should Take.
How MFA benefits both individuals and businesses
In short, multi-factor authentication is an extra verification step or steps taken when you want to help protect access to an account. When MFA is enabled, it requires you to present additional information before accessing an online account. Think of it as an extra layer of security for your protection, reducing fraudulent activity.
A very common way of thinking of MFA is that it is a combination of something you know (like a password), something you are (like a fingerprint or a retina scan), and something you have (like a key or a security token). Some MFA options are:
- Biometrics. Using your fingerprint on your smartphone is a popular way to log into your various accounts. Facial recognition, retina scans and voice verification are other examples.
- Numerical pins and passwords. Implementing a numerical code that only you know will increase your security. Complex passwords featuring different characters in addition to pins are helpful in deterring hackers.
- Secret questions and answers. When it comes to security questions, it's advisable to not use any easy to find out questions such as the city you were born. Be sure to utilize unknown facts about yourself, information that a quick internet scan cannot uncover.
Yes, it takes more effort, but businesses, organizations and individuals can greatly benefit from implementing MFA. The extra time you put into safeguarding your information will help keep the hackers away.
In fact, NIST (National Institute of Standards and Technology) highly recommends using MFA on all online accounts. This also includes any of your cloud-based ones, which store massive amounts of data and are gold for cybercriminals.
The various steps involved means that a hacker most likely will not be able to break into the accounts. Protecting yourself, and your business will prove to be a life saver in the event of a breach.
Passwords are not enough
In a perfect world, we could use one simple password that's easy to remember. But in reality, hackers know how to figure out passwords. That's why a simple password does not provide you with the security you need.
A complex and long password is better. What's great? You guessed it...multi-factor authentication.
View the replay of our webinar on Life After Passwords.
MFA stops a high percentage of hackers' automated attacks. Yes, hackers are using automation around the clock to do their dirty work.
One hacking technique is called password spraying, and MFA is the solution as it prevents hackers from using a simple method to break in. We've covered how to protect your business from password spraying in this previous post.
For tips on better passwords, read our popular blog post "Unpacking the NIST Password Requirements."
When in doubt, find an expert
While the FBI has warned that cybercriminals know of ways to work around MFA through social engineering efforts, it's highly advisable to turn to IT security experts to take care of your sensitive data.
Remember, all it takes it one breach to destroy all the hard effort you've put forth. 24By7Security is your first line of defense. Call us today for a consultation.