With phishing attacks accelerating and related fraud-losses approaching $4 billion, the case for using multi-factor authentication (MFA) to protect businesses against ambitious hackers has arguably never been stronger. MFA, sometimes known as 2FA or two-factor authentication, adds another layer of protection to the traditional account login. The precaution requires users to offer two of three credential types before access is granted: 1) something you know (PIN, password or pattern); 2) something you have (smartphone, fob or ATM card); and/or 3) something you are (usually a biometric factor, such as a fingerprint or voice print).
If credentials are accepted, the user receives a unique numeric code via text (SMS), which is inputted to complete verification and login. Not surprisingly, tech giant Microsoft, whose cloud services are targeted by fraudsters some 300 million times every day, is one of MFA’s biggest proponents. "Based on our studies, your account is more than 99.9% less likely to be compromised if you use MFA," says Alex Weinert, Group Program Manager for Identity Security and Protection at Microsoft. Even if hackers have a copy of a user's current password. On the subject of MFA’s effectiveness, research from another tech titan, Google, shows that “Simply adding a recovery phone number to your Google account can block up to 100% of automated bots, 99% of bulk phishing attacks, and 66% of targeted attacks [that occurred during our investigation]." Of course, such accolades make MFA/2FA seem like a no brainer, which it is for companies that want to better secure user account logins, organizational email accounts and financial transfers requiring executive approval. Yet, as with most cybersecurity measures, there are considerations and nuances that must first be addressed by an IT Managed Services Provider (IT MSP) or other security pro.
Even if you’ve previously implemented an authentication solution, you should still consider contacting an IT MSP, as attacks on companies with MFA in place have (predictably) soared in recent years. Should multi-factor authentication be part of your cybersecurity strategy? Give us a call and let’s find out.