For part of my career, I worked as part of an enterprise identity engineering team that would constantly tout the benefits of Multi-Factor Authentication (MFA) to every department we engaged with in the business. It was such a phenomenon that internally, we would refer to this simply as MFATS, which shrewdly stood for MFA That… Sh*t. In our minds and those of our IT leadership, it was so critical to the success and security of that particular organization that our group had been delegated the goal of applying MFA to every single application used in the business.
“The use of multi-factor authentication significantly reduces the likelihood of unauthorized access to a system or network.”
National Institute of Standards and Technology
What is Multi-factor Authentication?
Multi-factor authentication (MFA) is a security process that requires people to provide more than one form of authentication to access a system or service. It is designed to add an extra layer of protection to prevent unauthorized access to sensitive information and to reduce the risk of account takeovers.
Real-world scenario
Imagine that Janet is an employee at a company that uses MFA to protect its online accounts. One day, she receives an email that appears to be from her company’s IT department, asking her to click on a link and reset her password. The email looks legitimate, so she clicks on the link and follows the instructions to reset her password.
However, unbeknownst to her, the email is a phishing attack, and the link leads to a fake website created by an attacker. The attacker has now obtained Janet’s password and is trying to use it to log in to the company’s online accounts.
Thanks to MFA, the attacker cannot gain access to the company’s accounts. When the attacker tries to log in with Janet’s password, the MFA system prompts them to provide a second form of authentication, such as a code sent to her smartphone or a fingerprint scan. Since the attacker does not have access to Janet’s smartphone or her fingerprint, they are unable to complete the MFA process and are unable to log in to the company’s accounts.
By requiring more than one form of authentication, MFA makes it much harder for hackers to gain access to a system or service, even if they somehow manage to obtain a password. This is why MFA is often recommended for protecting online accounts and sensitive information.
What makes MFA so powerful?
Several factors make multi-factor authentication (MFA) such a powerful security tool:
It adds an extra layer of protection.
MFA requires users to provide multiple forms of authentication rather than just a single password, making it much harder for unauthorized individuals to access a system or service.
It helps prevent account takeovers.
MFA reduces the risk of account takeovers by requiring a second, separate authentication factor for each account. If a hacker somehow manages to obtain a password, they will still be unable to log in without the second form of authentication.
It protects sensitive information.
MFA helps protect sensitive information because each account's second factor is verified separately. This means that if a hacker cracks one password, and that password has been reused elsewhere, they will still not be able to gain access to your other MFA-protected accounts.
It’s becoming the norm.
More and more companies are starting to require MFA for their employees, and this trend will likely continue. You’ll be ahead of the curve and better protected against threats by using MFA for everything now.
Types of Multi-Factor Authentication.
There are several types of authentication factors that can be used in multi-factor authentication (MFA):
Something you know
This could be a password, PIN, or security question. It is a form of authentication that requires you to recall or provide something you have learned. This is typically something you never share with anyone else.
Something you have
This could be a security token, smart card, hardware key, or smartphone. It is a form of authentication that requires you to physically possess something to authenticate.
Something you are
This could be a fingerprint, facial recognition, or voice recognition. It is a form of authentication that requires you to physically present a part of your body to authenticate.
In higher-security MFA systems, you are often required to use a combination of these authentication factors, meaning you must provide more than one form of authentication to access a system or service. For example, you might be required to provide a password and a code sent to your smartphone, which is itself protected by a fingerprint or facial recognition, to log in to an online account.
Take inventory of your accounts.
Before enabling MFA on your accounts, take some time to take inventory of all the accounts you would like to protect with MFA. Here are some account types you should enable MFA for:
- Financial information, such as banking, credit card, and investment accounts
- Personal identification information, such as social media and email accounts
- Professional accounts, such as work email and collaboration tools
- Online shopping and payment accounts, such as e-commerce and digital wallet accounts
Do the best you can, and be mindful when signing into your accounts at your computer or on your phone. Stop to think about whether you were prompted for an MFA challenge. When in doubt, log out. When entering your password, if you are not prompted to prove who you are, check to see how you can enable MFA for that account.
While multi-factor authentication (MFA) is an important security tool, it should not be the only measure you take to protect your online accounts and sensitive information. It’s still important to use strong, unique passwords, regularly change them and use a password manager to secure your accounts further. Using MFA and strong passwords provides the most comprehensive protection for your online accounts.
How can you set up MFA?
Every application or system may have different methods that they support for sign-in, so detailed instructions for all of your apps are beyond this article’s scope. However, below are some high-level steps to enable MFA.
For Microsoft 365, check out Microsoft’s video here.
For Google Workspace, check out Google’s document here.
High-level steps to turn on MFA for your apps:
- Determine which MFA methods are supported by the system or service you want to protect. Some standard MFA methods include security tokens, text or email codes, smartphone apps, fingerprint scans, or facial recognition.
- Sign in to the application with your account and navigate to the MFA settings. This location may vary depending on the application.
- Follow the prompts to set up your preferred MFA method. This may involve installing a smartphone app, confirming a text or email link, registering a security token, or enrolling your biometric data.
- Test your MFA setup to ensure it works correctly by logging out and back in. Be sure you are prompted for the MFA challenge that was set up on the next login.
Keep in mind that setting up MFA may involve additional steps depending on your application. Many applications publish their own support resources with more detailed instructions.
How StrataNorth can help.
If you are ready to transform your business’s security landscape and are looking for experts to guide you, StrataNorth has security consultants with decades of experience. We can help you reach security nirvana and give you a roadmap for success. Reach out for a no-cost, no-obligation chat with a security expert today.