What is Multi-factor Authentication and why your business needs it

By Luke Smits - Founder & Operations Manager
multi-factor authentication, two-factor authentication

Why your business needs Multi-factor Authentication

If you're following hot topics in the technology space, then you'll no doubt have come across the concept of cyber security.

Put simply, cyber criminals are hard at work, coming up with new ways to steal from your business. No matter how large or small you are your business could be in the firing line. From ransomware and phishing scams to the Windows 7 end of life, the cyber threats your business faces are many.

But there are also many ways you can protect yourself, your business and all that critical data.

One of these ways is Multi-factor Authentication. So, what is it and why is it important to your business?

The problem with passwords

Matching a password to your user name is an example of single-factor authentication. This means it's you, matching just one thing to verify yourself online.

Lots of us use our email address as our user name when logging into any technology platform. Other examples of user names are the eight or so digits your bank gives you for online banking that you then match with a password or passcode to gain access.

Single-factor authentication matches just one thing to another. Your username to your password. The problem with this is that the discovery of your password is the only thing that stands in the way of a cyber criminal getting access to your Gmail, Office365, Hotmail or Outlook account. This is why it's not a good idea to use the same password anywhere, even more so if it's an easy one to guess (your pet's name plus your birth year or any similar, familiar combination are not safe password choices!)

In fact, if you have an old password you use across multiple sites, then it's only a matter of time before your account is compromised. Stop reading now and change your passwords!

And while you're there, you should implement additional two-factor or Multi-factor Authentication on any site that gives you this option.

Two-factor Authentication (2FA)

This type of authentication has been around for some time now, and it's a significantly better line of defence than a password alone.

As the name suggests, two-factor authentication (or 2FA), requires two pieces of identification to verify who you are online. Most commonly, 2FA consists of your (very secure) password (that you don't use anywhere else), along with a code that is sent via text to your mobile phone, held by the user (in the form of a USB for example) or delivered via an app like Google Authenticator, Microsoft Authenticator, Authy or LastPass.

For the most part, 2FA is pretty secure. Any attack to steal your information will require the attacker to not only know your rock solid password, but also somehow capture the code sent to your mobile phone or authenticator app.

While it's currently a rare occurrence, it is possible for a clever cyber criminal to get your mobile number. If they can access your mobile phone account, there is the possibility that they can view incoming and outgoing text messages without having access to your actual phone. This is made much more likely if you have a weak password (remember that old password you maybe use across multiple sites? Here's another reminder to change it.)

There's no doubt that 2FA is pretty awesome when it comes to protecting your data. But because cyber criminals never rest, neither do developments in security technology.

This is where Multi-factor Authentication comes in.

So what is Multi-factor Authentication then?

Multi-factor Authentication (MFA) is starting to become much more prevalent. If you've bought a new mobile phone in the last four years, you'll actually be more familiar with the technology than you think.

This is because MFA uses three factors to verify your identity, thanks to the addition of something unique to you. We're talking your face, your eyes, your fingerprint.

Yes - MFA means biometrics.

So, as well as needing to crack your password and hijack or clone your phone, cyber criminals will also have to somehow steal your fingerprint or trick a facial recognition scanner.

Now if you're movie buffs like us, your mind will instantly jump to the part where the bad guy cuts off a thumb (or something worse) to trick the scanner. In reality, this is just for the movies. But - it is pretty much what they'd need to do though to break through Multi-factor Authentication.

Without you physically in front of the device that is trying to access that account, open that door or unlock that cabinet, then it's extremely unlikely that an attacker will be able to gain access.

How can Multi-factor Authentication help your business?

If you're a business that handles critical data (and here's a hot tip - most businesses handle some sort critical data), then it's time to start thinking about how you might be able implement MFA in your business.

Not only will it add an extra layer of security to your business data, but many business insurance policies now require businesses to be implementing 2FA or MFA to remain insured. You might also find that medium and large companies require these authentication protocols to be in place if you want to continue to trade with them.

And because there have been instances where 2FA codes have been hijacked, a push towards MFA is a not-too-distant reality. Multi-factor Authentication means increased security for your business. With all the cyber threats in existence today, any form of authentication protocol which helps you do this, should be something you take full advantage of.

Make it a priority to speak to your IT team about how Multi-factor Authentication can protect your business. You'll be surprised how easy and cost effective it actually is.

Finally, if you've made it to the end of this article, and you still have a password you know you should change, then don't wait any longer! Get going!

Back to News