What Is Multifactor Authentication And Why Is It Important?

Throughout the years, we’ve enjoyed the use of technology in our daily lives, from ordering food from an app to keeping up with friends and family via social media. Technology has made a lot of things easier and very convenient for all of us. However, our accounts also store personal, financial, and other sensitive information. That makes things more convenient, but it is also a risk that hackers can take advantage of.

While many of us use technology for its convenience, there are attackers out there looking to steal valuable data. One attack vector hackers can try to exploit is our user accounts, such as banking and cryptocurrency accounts. We generally expect our accounts to be accessed only by us or by users we authorize. While we can never get rid of malicious attackers, we can take steps to minimize risk. One of those steps is to enable multifactor authentication on all of our accounts to add an extra layer of protection.

What is Multifactor Authentication (MFA)?

Multifactor authentication is a method that requires you to provide two or more verification factors to gain access to a resource such as an application. It may seem like an inconvenient step to access your accounts, but the security it provides far outweighs any small inconvenience. 

How Does MFA Work?

MFA works by having multiple authentication methods in place to provide assurance that a user is legitimate. While there are various multifactor authentication methods, these are a few common ones:

Something you know: A piece of information only you should know, such as a password or the answer to a security question.

Something you have: Anything in your possession that you can use to further authenticate yourself, such as the Google Authenticator app, which gives you a one-time code to input for the account.

Something you are: Anything that requires the user to verify using biometric data, such as their fingerprint or face.

Other forms of multifactor authentication include a user’s physical position and social login that uses information from social networking sites to facilitate logins on third-party applications. Regardless of other authentication methods, users should implement multi-factor authentication for better security. 

Why is MFA important?

Contrary to popular belief, MFA is not a way for your workplace to give you extra work to log into an account. Rather, it is there to enhance your security and minimize the risk of your account being compromised. If your password is too weak, attackers can use attacks such as brute force to get access to your account. As technology continues to evolve, the sophistication of attackers is evolving, too. Now, there are automated tools that can crack passwords with ease, and if your account(s) get compromised, you can lose valuable data and money.

At an RSA security conference in 2020, Microsoft engineers reported that 99.9% of the compromised accounts they track every month do not use multi-factor authentication. If MFA had been in place for these accounts, most of the automated account attacks would have been stopped. As a result, Microsoft strongly recommends enabling multifactor authentication to minimize the risk.

What are you risking by not using MFA?

Without MFA, you are taking a gamble that attackers will not be able to compromise your account with only your password protecting you. Some true and common information security incidents that result from not having MFA enabled include:

  1. A customer discovers that someone emptied their checking/savings account: There have been investigations of customers having their funds taken from their accounts. This would shock anyone, as everything you have can be taken without notice. Upon investigating these cases, the banks find a common reason for the breach: the customer’s username and password were reused for many accounts and stolen from a hacked WordPress site. The hackers would then use the stolen username and password in a credential stuffing attack, which tries the credentials at many websites until one account unlocks. Even if hackers took the username and password, they would not be able to log in if MFA, such as a one-time password or code, was enabled.
  2. An organization discovers its confidential intellectual property (IP) available for sale online: An organization found out that a phishing attack took the username and password from an employee’s VPN account from overseas. With MFA, the attacker would not have been able to access the account without further verification.
  3. A company gets hit with a ransomware attack: A company worked tirelessly to respond to a ransomware attack. It was discovered that the hacker compromised a poorly patched server and harvested credentials from an administrator. The hacker then used the stolen credentials to carry out the ransomware attack. If MFA had been enabled on the administrator account, the attacker would not have been able to release a ransomware attack.
