Multifactor Authentication (MFA) or Two Factor Authentication is a method of applying an additional level of security to protect your login credentials. It requires presentation of two or more independent credentials to verify the user’s identity.
In practice this normally means combining two factors: a possession factor, i.e. something you own, such as an ID card, an app or a smartphone, and a knowledge factor, i.e. something you know, such as a PIN code, maiden name or password.
The Aim of Multifactor Authentication
The aim of Multifactor Authentication is to create barriers to anyone trying to access a user’s information, location, device or network without authorisation. The layers of security aim to make this much more difficult to break than just guessing a password.
Access to information via the more traditional method of a user ID and password alone does not provide sufficient protection from fraudulent activity. User IDs are often email addresses, which are typically public, and passwords are stored in databases that are frequently attacked and compromised – as we saw a few years ago with a large communications company and, more recently, a worldwide hotel group, to give just two of the many examples.
There are still concerns about the use of biometric information, because this method of authentication can be cloned, for example with material that takes an imprint of a person’s skin.
On its own a biometric is another single point of failure, but when used as one factor in a Multifactor Authentication setup it greatly reduces the risk of data and accounts being compromised, because the login no longer relies on a single method of proving your identity.
Two Factor Authentication is increasingly commonplace, so barriers to uptake are receding as people become more accustomed to using the process in their personal lives.
That being said, introducing an additional layer of security at work – especially something that alters the morning log-on task – will affect staff, and therefore good change management is essential.
Conducting proper training is vital, but so is taking the time to explain to staff why this measure is needed and – more importantly – the consequences of a data breach should a password be compromised, and MFA not be in operation.
Planning the design of the implementation is also a critical success factor. For example, most MFA systems, such as the one included in Microsoft Office 365, can be configured in such a way that staff only need to provide their normal username and password when working from your main company office (which is acceptable as other security measures such as physical entry checks are often in place) but Two Factor Authentication is enforced anywhere else, such as when working remotely.
Equally, the most common implementation is to use a smartphone app such as the Microsoft Authenticator app, which is free to use and simple for the user to set up (they scan a code with their phone camera upon first login and that’s it).
Where staff do not have smartphones, MFA can be configured to send an SMS text message with a one-time PIN code to use, or even set to make a phone call to a landline and read out a code that the user enters to log in – removing the need for smartphones altogether.
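The policy described in the three paragraphs above (password alone from the office network, password plus an authenticator-app code everywhere else) as an added Python example. This is illustrative code written for this page, not Smartdesc's or Microsoft's implementation; the office IP range, the user record, the salt and the TOTP secret are constructed (the secret is the RFC 6238 reference key), and the SMS and voice-call delivery channels are not modelled.

```python
import base64
import hashlib
import hmac
import ipaddress
import struct

# Constructed demo data: TEST-NET-3 stands in for the office's public range,
# and the TOTP secret is the RFC 6238 reference key (never reuse it in production).
TRUSTED_OFFICE_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]
DEMO_SECRET = b"12345678901234567890"
DEMO_SALT = b"constructed-salt"

def hash_password(password: str, salt: bytes = DEMO_SALT) -> bytes:
    # Knowledge factor at rest: a slow salted hash, so a leaked table is not a leaked password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def totp(secret: bytes, at_time: int, step: int = 30, digits: int = 6) -> str:
    # RFC 6238: HOTP (RFC 4226) over the number of 30-second steps since the Unix epoch.
    counter = struct.pack(">Q", at_time // step)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def verify_totp(secret: bytes, code: str, now: int, step: int = 30, window: int = 1) -> bool:
    # Accept the current step plus one either side to absorb clock drift; compare in constant time.
    return any(hmac.compare_digest(totp(secret, now + d * step, step), code)
               for d in range(-window, window + 1))

def provisioning_uri(secret: bytes, account: str, issuer: str) -> str:
    # What the enrolment QR code encodes: the app stores the secret, which becomes the possession factor.
    b32 = base64.b32encode(secret).decode().rstrip("=")
    return f"otpauth://totp/{issuer}:{account}?secret={b32}&issuer={issuer}"

def mfa_required(client_ip: str) -> bool:
    # The policy from the text: password alone suffices inside the office network, MFA everywhere else.
    addr = ipaddress.ip_address(client_ip)
    return not any(addr in net for net in TRUSTED_OFFICE_NETWORKS)

def authenticate(users, username, password, client_ip, totp_code, now):
    user = users.get(username)
    if user is None or not hmac.compare_digest(user["pw_hash"], hash_password(password)):
        return "denied: bad credentials"
    if not mfa_required(client_ip):
        return "allowed: trusted office network"
    if totp_code is None:
        return "challenge: second factor required"
    if verify_totp(user["totp_secret"], totp_code, now):
        return "allowed: password + authenticator code"
    return "denied: bad second factor"

USERS = {"alice@example.org": {"pw_hash": hash_password("correct horse"), "totp_secret": DEMO_SECRET}}
```

A stolen password alone yields only a challenge from outside the office, and a code captured earlier stops working once it falls outside the drift window.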
At Smartdesc we have implemented MFA for many of our clients, and are happy to share the lessons learnt and best practices on implementing this essential security layer in your organisation.
If you are considering implementing MFA or are concerned about any area of your Cyber Security, contact us for a chat or see: https://www.smartdesc.co.uk/our-services/proactive-services/smartdesc-secure/