MFA stands for multifactor authentication, which is also sometimes referred to as “two-factor authentication”. When you sign in to an online account, such as Microsoft 365, you authenticate by using a username and a password. Multifactor authentication operates by requiring more than just your username and password. It requires you to have a second factor of authentication in order to allow you to sign in, hence the name “multifactor”, or multiple factors.
Exploring the Three Categories of Authentication Factors in MFA
The factors of authentication fall into three categories: something you know, something you have, and something you are. Something that you know would be a password or a PIN. Something that you have would be a physical object such as an authentication app, a smartphone, or a secure USB key. Something that you are would be a biometric verification, such as a fingerprint or facial recognition.
Understanding the Inner Workings of Multifactor Authentication (MFA) for Enhanced Online Security
MFA works by requiring a second factor of authentication before it lets you sign in to an online account. For example, when you log into an online account you would be prompted to enter your username and password. After the username and password are authenticated, you are then prompted to verify a second form of authentication. The two most common forms of secondary authentication are a text message code and an authenticator app. In this case, you would open your phone and enter the 6-digit code shown in the authentication app or delivered in the text message.
With MFA enabled, if someone else were to try to sign in as you, they would not be able to provide that secondary authentication in order to log in. This simple added layer of security can block over 99.9% of account compromise attacks.
Exploring the Benefits of Using MFA
For an individual, MFA easily provides an additional layer of security for your online accounts. For a business, it provides protection against weak employee passwords that might be easier to guess or hack. It also gives protection when employees log in remotely from their own devices, which may not have the same security tools as a company-issued device. MFA also allows your existing security tools to work properly, and it acts as a warning system if users receive authentication requests when they are not attempting to log in. As good as antivirus and firewall systems can be, they aren’t going to be effective if a hacker can gain access to the system by logging in as a user. If your company handles or stores sensitive data, such as medical records and personal or financial information, MFA is typically required to stay compliant with state and federal laws.
Why MFA Is Necessary Despite Having Complex Passwords
Most people think that simply having a list of complex requirements for password creation will make passwords harder to hack; however, in most cases it creates the opposite habit. When people are forced to create passwords they don’t want to use, they tend to fall into many of the same pitfalls.
Most users will fall into the same password structure, with an uppercase letter in the first position and either a number or special character in the final position. Requiring a long password can lead to users writing it down or storing it in a plain text document. Requiring special characters can lead to users relying on the same dictionary substitutions ($ for S, @ for A, 1 for L, and so on) to satisfy the requirement. Requiring users to change their passwords every 30 days will typically lead to users reusing the same password over and over with only a minor change, such as a different number or character at the end of the password. Microsoft password guidelines no longer recommend forcing users to change their passwords frequently.
Hackers that know this will use it to their advantage to make it easier to guess your password. This isn’t to say that your business shouldn’t require a strong password for its users, but simply that MFA will prevent anyone else from logging in even if they are able to figure out the password.
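The habits described above can be checked for at the moment a user chooses a new password. The following Python check is an added example, not part of the original article: it flags the capital-first/symbol-last structure, a dictionary word hidden behind the listed substitutions, and a rotation that only changes the ending. The function names, the `COMMON_WORDS` list and the sample passwords are constructed for illustration.

```python
import re

# Substitutions named in the article ($ for S, @ for A, 1 for L).
SUBSTITUTIONS = str.maketrans({"$": "s", "@": "a", "1": "l"})

# Constructed stand-in for a real banned-password or dictionary list.
COMMON_WORDS = {"password", "welcome", "summer"}


def strip_suffix(password):
    """Drop the trailing digits and symbols users append to satisfy policy."""
    return re.sub(r"[^A-Za-z]+$", "", password)


def normalize(password):
    """Reduce a password to its base word: no suffix, no substitutions, no case.

    The suffix is stripped first, so a substitution character in the very last
    position (for example a trailing "$") is treated as suffix, not as a letter.
    """
    return strip_suffix(password).translate(SUBSTITUTIONS).lower()


def predictable_patterns(new, previous=""):
    """Return the predictable habits found in a proposed password.

    `previous` is the current password as typed into the change form; it is
    only available in plain text at that moment and should never be stored.
    """
    findings = []
    # Uppercase letter in the first position, number or symbol in the last.
    if len(new) > 1 and new[0].isupper() and not new[-1].isalpha():
        findings.append("capital-first-symbol-last")
    base = normalize(new)
    # A common word once substitutions and the suffix are undone.
    if base in COMMON_WORDS:
        findings.append("dictionary-base")
    # Same base as the old password: only the ending was rotated.
    if base and previous and base == normalize(previous):
        findings.append("minor-change-of-previous")
    return findings


if __name__ == "__main__":
    # Constructed sample passwords.
    for new, old in [("P@$$word1", ""), ("Summer2024!", "Summer2023!"),
                     ("correct horse battery staple", "Summer2023!")]:
        print(new, "->", predictable_patterns(new, old))
```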
The Overall Importance of MFA
MFA is an inexpensive way to add another layer of security to your business. You can also use MFA to secure personal accounts such as Facebook, Twitter, Amazon, your bank, and many others. Breached accounts are often the most exploited method attackers use to target companies. MFA can easily add another layer of security that makes it a lot harder for bad guys to accomplish this.