What is Multi-Factor Authentication?
Posted on: December 10th, 2019
Many businesses have not yet implemented one of the most straightforward security tools for protecting sensitive business data and safeguarding accounts: Multi-Factor Authentication (MFA). But what is Multi-Factor Authentication?
What is it?
MFA is an additional layer of security, on top of the standard username and password. For instance users are prompted to enter additional information before they can access their account. This is usually in the form of a text message, email or push notification to their mobile phone. The authentication factors must come from two or more of the following:
- Something you know (e.g. password or PIN)
- Something you have (e.g. physical token or smartphone)
- Something you are (e.g. fingerprint or iris scan)
Many of the latest MFA solutions also consider additional factors, such as when/where you are obtaining access and what device you are using. This takes into consideration the context to flag any logins that are out of the ordinary, often requesting additional information or credentials to login.
Why is it important?
Above all, the goal of MFA is to create a layered defence, making it more difficult for an unauthorised person to access a device or network.
Unfortunately, employees often make it easy for hackers by using weak passwords, using the same password for an extended period, storing passwords in insecure locations, or using the same password for multiple accounts.
Furthermore, sophisticated attacks have the power to test millions of passwords each second, and these vulnerable and weak passwords are easy to hack. Around 90% of passwords can be cracked in less than six hours. The Australian Cyber Security Centre recommends that MFA is, at a minimum, implemented for remote access solutions, users performing privileged actions and users accessing sensitive information.
Many employees are already accustomed to MFA in their personal lives, with most banks, social media accounts and emails already utilising these security measures. While MFA doesn’t guarantee security or stop all attacks, it is an excellent additional layer that makes cyberattacks more difficult. Your account becomes far less attractive to hackers, reducing the risk significantly.
Back to all blog posts