MFA: What You Should Know
Credential (or password) breaches are at an all-time high and are responsible for more data breaches than any other type of attack.
In a world where data and business processes are increasingly cloud-based, a user’s password is the fastest and easiest way for malicious actors to gain access to information.
Once logged in as a user (especially one with admin privileges), a criminal can send out phishing emails from your company account to your staff and customers. The hacker can also infect your cloud data with ransomware and demand thousands of dollars to give it back.
How do you protect your online accounts, data, and business operations? One of the best ways is with multi-factor authentication (MFA).
The use of two-factor authentication poses a significant barrier to cybercriminals even if they have a legitimate user credential. This is because they most likely will not have access to the device that receives the MFA code required to complete the authentication process.
MFA: What Are the Three Main Methods?
Multi-factor authentication is an important part of securing your business, but you shouldn’t assume that all methods are equal when implementing it. Some are more convenient than others and some are more secure.
Here are three methods to consider:
The form of MFA that people are most familiar with is SMS-based. This one uses text messaging to authenticate the user.
With SMS-based MFA, the user typically enters their mobile number when setting it up. Then, when the user logs into their account, they receive a text message with a time-sensitive code that must be entered.
Some types of MFA use a special app to push through the user’s unique code. The MFA code is still generated at login, but rather than arriving via SMS, it is received through the app.
This is usually done via a push notification, and it can be used with a mobile app or desktop app in many cases.
The third key method of MFA involves using a separate physical security key that you insert into a PC or mobile device to authenticate the login. The key itself is purchased at the time the MFA solution is set up, and it is the device that receives the authentication code and applies it automatically.
The MFA security key is typically smaller than a traditional thumb drive and must be carried by the user to authenticate when they log into a system.
What are the main differences between these methods?
Most Convenient Form of MFA?
When we’re working, it’s often a nuisance to remember all of our passwords and the rules around them. Users can often feel that MFA is slowing them down. This can be worse if they need to learn a new app or remember to carry a tiny security key.
User inconvenience can lead companies to skip multi-factor authentication, leaving their cloud accounts less protected.
If you face user pushback and are looking for the most convenient form of MFA, it is SMS-based (text message) MFA.
Most people are already used to getting text messages on their phones, so there is no new interface to learn and no app to install.
Most Secure Form of MFA?
If your company handles sensitive data in a cloud platform, such as your online accounting solution, then it may be in your best interest to prioritize security over convenience.
When it comes down to it, the most secure form of MFA is the security key.
This is because the security key, being a separate device altogether, won’t leave your accounts unprotected in the event of a lost or stolen phone. Both SMS-based and app-based versions would leave your accounts at risk in this scenario.
SMS-based MFA is actually the least secure because there is malware that can clone a SIM card, which would allow a hacker to receive those MFA text messages.
A Google study looked at the effectiveness of these three methods of MFA in blocking three different types of attacks.
It found that SMS-based MFA blocked between 76% and 100%, on-device app prompts blocked between 90% and 100%, and security key MFA blocked 100% of all attacks! So, ultimately, the security key was the most secure overall.
Looking for Help Setting Up MFA at Your Company?
Multi-factor authentication is a “must-have” solution in today’s threat climate. Working with Grapevine MSP, California’s Central Valley’s leading IT service for security-minded and forward-thinking businesses, is your best bet to help keep your company safe.
Contact us at 661-369-8427 or send us a message online. Let’s put technology back in your driver’s seat so that your business can compete, grow, and stay safe!
Let’s discuss your barrier points and come up with a solution together to keep your company better secured.