Imagine you have a house which you want to protect from intruders. You would lock the door to keep them from entering. If you wanted to be extra secure you may lock the door handle and then lock the dead bolt. In this example the door lock is your password and multi-factor authentication is the dead bolt. In most cases the door lock will work fine, but if an intruder really wants to get in, the dead bolt may be the only thing keeping the door from being kicked in.
Password security is an issue addressed by many companies to the extent that now most services will not let you create an account or reset your password with a weak password. Typically it must meet some requirements - a character minimum, upper and lower case letters, numbers, special characters or a combination of these. We are reminded not to share our passwords or leave them on a sticky note on your desk. Even if you do all the right things and have a strong password, it still can be compromised. As technology and practices for password security grow and advance so do cybercriminals’ methods of stealing these passwords. If you have multi-factor authentication enabled you are adding another layer of security to your accounts safe even if a cybercriminal somehow does get your password.
Multi-factor authentication works by securing your account with a digitally produced 6-digit code that resets every 30 seconds. After you have entered your initial password, you are then prompted for the MFA code. This is often stored in a secure app on your smart phone but can also come as a text message or a call to your phone with an automated message giving you the code. The method used is set by you and depends on the MFA options each service provides.
This 6-digit code is then needed to complete your login. The code expires and is regenerated every 30 seconds. This makes it impossible for a cybercriminal to guess or hack. Because you set it up with your phone number or MFA app on your phone, the cybercriminal would need to first get your password, then when prompted for multi-factor authentication, they would have to physically steal your phone to get the MFA code. This second line of defense makes a big difference and often will stop cybercriminals in their tracks.
Real World Application
Currently, many people are working from home and are accessing work resources from their home network. This may not be as a secure as the network at your office and multi-factor authentication is recommended for users that are working from home to help protect your company’s data.
Many email services offer online access to a user’s inbox so they can have greater accessibility to their email. This means is you can login into your email from a web browser off campus from school or work. If a cybercriminal steals a user’s credentials, they will use the information to gain access to email accounts, meaning if they get a password, they do not have to physically go to that computer to get into Outlook. This presents a big problem as the user would likely be unaware of the thief accessing their email account. Multi-factor authentication is a simple solution to this problem. If your email service provides or allows online email access, having multi-factor authentication required is strongly recommended. This way if a password is stolen, the hacker must then enter the MFA code in order to access the account.
Conclusion
Yes, multi-factor authentication does add another step, and sure, it can be annoying sometimes. Ultimately security isn’t about convenience but protecting your data. Even if your company does not have work-from-home employees or remote email access, multi-factor authentication is still recommended for your environment. It is a simple step that can keep your company and you safe from a potential compromise. Contact the experts at Rhyme to learn more.
Source: Collaborance