Multifactor authentication, also known as MFA, two-factor authentication, 2FA, two-step verification, or dual-factor authentication, is a security protocol that requires more than one type of security action to ensure one has the proper access to a website, tool, account, etc. Using a dual-factor approach is one of the most effective approaches to protecting what is yours.

Today’s businesses are frequently targeted by attempts to breach their online resources. In fact, according to duo.com, ‘more than 80% of hacking breaches involve brute force attacks or the use of lost or stolen credentials.’ A brute force attack is a hacking method that uses repeated attempts to crack passwords, login credentials, and encryption to gain access. While this approach may sound rudimentary, it is effective and popular with hackers everywhere. But just as on the playing field, one of your best defenses is a good offense. Hence, there is a need for a multifactor authentication process.

Types of Multifactor Authentication

The use of only a username and password is no longer enough. Today’s safety- and privacy-conscious company must implement, at minimum, 2FA. But what does this look like? Typically, the factors used in two-factor authentication fall into three types:

  • Something one knows – A password or PIN set up upon creating the account. If a password is used, be sure it contains at least ten characters, is complex, and contains a mix of numbers, letters, symbols, and cases. Studies have found that a password meeting these criteria can take five years for a brute force attack to crack. If the password is 18 characters, it takes 7+ years.
  • Something one has – Could be a smartphone, a smart card, or a token of some sort such as a Yubico key. Ideally, it will be an item capable of generating single-use codes.
  • Something one is – This will be a fingerprint/retina scan or facial/voice recognition.

In some cases, two other types may be used: location and time. A Location Factor is achieved by requiring specific devices to be in a particular geographical location, which is determined via GPS data. A Time Factor only allows logging in during a specific timeframe.

Each of these forms of authentication has pros and cons, so you will want to keep the following in mind as you determine which approaches to use.

Something one has:

Pros:

  • Tokens or other items are at a lower risk of remote attacks.
  • Codes can be generated locally without the need for Wi-Fi access.
  • A specific phone or app is not required.
  • Most people carry a smartphone, which makes it a convenient option.
  • A single app can generate codes for numerous accounts/users.

Cons:

  • It can be inconvenient, as one must carry an extra device or card.
  • One must intentionally perform back-ups or transfer the information if a new mobile device is used.
  • Risk of the SIM card being hijacked.

Something one is (Biometrics)

Pros:

  • Ease of use
  • It is not easily duplicated
  • No codes to remember

Cons:

  • Storing biometrics poses privacy concerns as biometric data cannot be changed or reset like a password.
  • There are scenarios where false positives or false negatives can occur.
  • Not every device is designed to support biometrics.

However, 2FA is only as strong as its weakest element. For example, having a token or card as part of the MFA means that a third party must manufacture the item. If that third party is ever breached, your company is at risk. Fortunately, these companies take data security seriously and implement numerous preventative measures.

Why is Multi-Factor Authentication Important?

Consider these statistics from Pulse Technology regarding 2FA:

  • Only 13% of small to medium-sized businesses require employees to use two-factor authentication.
  • 2FA blocks 99% of automated attacks.
  • Two-thirds of Americans use the same password across multiple accounts; more unbelievable is that the most common password is “123456”.

Just as you wouldn’t leave the doors to your home unlocked when you go on vacation (or even when you are home), you shouldn’t leave your accounts unprotected against a cyber threat. Using MFA is the same as having a deadbolt, a keypad, and perhaps a sliding lock on your home’s doors.

Setting up MFA is a simple way to improve your company’s security. It significantly reduces the risks of a data breach and helps prevent the use of common passwords. However, dual authentication offers other advantages.

  1. Reduce cyber breaches from outside the office – While working from home has been common for some time, 2020 made remote work more common. However, this business model can open you up to various security breaches. Now, instead of a secure network at the office where people access cloud-based accounts, employees are going to cloud accounts from their devices. The ‘ease of access’ can leave your company vulnerable, especially if people are logging in from public access points (coffee houses, the library, etc.).
  2. Bad passwords – Use 2FA to lower the risks of easily hacked passwords. Most dual authentication programs will reject easily hacked login credentials or will let the user know during the set-up process that the credentials they want to use need to be more difficult. Remember, the longer and more involved a password is, the better.
  3. Preventative against phishing – Phishing is a standard technique hackers use to trick someone into revealing their password. Using MFA requires a hacker to have all the pieces, not just the password.
  4. Protect sensitive information – Not only does 2FA protect your company’s financial accounts, social media accounts, healthcare records, emails, etc., but it also protects your clients’ information.
  5. Meets compliance requirements – Some industries have specific regulations that mandate dual-factor authentication. Failure to implement 2FA can result in legal/financial repercussions.

When one considers the potential for being hacked due to a lack of password security, it is clear that there must be a better approach. Swapping to two-factor authentication is one of the best proactive measures you can take as a business owner. Sure, it will take some time and perhaps some expense to implement, but if it protects you and your clientele, then it is worth it.