Why you need Multi Factor Authentication

Multi Factor Authenticator - how it works

Multi Factor Authenticators: an effective cyber security tool

What is Multi Factor Authentication?

Multi Factor Authentication (MFA) is an added security layer through a dedicated additional process when accessing digital applications or sources. The purpose is to enable an added check to prove the identity of the user before potentially permitting access.

The login process will look like the diagram below:

Multifactor Authentication login process
The Multifactor Authentication Process

When the user is attempting to access a product or service with MFA applied, the added layer will request a piece of identity “evidence” from a different category: something they know, something they have or something they are.

Should the user attempting to gain access not have the correct answer when prompted (usually through recognised credentials or an assigned MFA tool), then they are prevented access. This can be particularly beneficial against hackers or other unauthorised users who may have already compromised the initial barrier – such as a password or similar.

What are the benefits of Multi Factor Authentication?

Everything in the digital space has or needs a password. It is the most common way to authenticate your online identity. However, as threats to cyber security have continued to increase and hackers become more sophisticated, the simple form of password protection is becoming recognised a no longer enough alone.

Once a password is discovered, stolen, or simply shared accidently, the individual or group can access anything associated to where the password applies. With many people using the same password or simple variations across multiple devices or applications, once one is known by a potential hacker it can lead to a myriad of complications and data breach situations.

Recent surveys in user password practices found 72% of users reuse the same password across four or more accounts. While 69% admitted to sharing business related login credentials with a colleague.

In a 2020 Verizon Data Breach Investigations Report, stolen login credentials were confirmed as the top tactic used by hackers to achieve data breaches. This continues to be the most common cause of breach situations recognised by the data security industry.

Sourcing password information or gaining access is accomplished by a range of tactics by hackers including phishing attacks, brute force attacks, web app attacks, point of sale instructions and even stolen hardware. From the same password practices survey, 44% of those involved had experienced a phishing attack at work. While following the increase in online shopping habits during 2020-2021, the wave of phishing attempts by users using an imposter tactic of some of the major logistics firms became national news to help stem the criminal impacts in the UK.

How does Multi Factor Authentication work?

When a user is seeking access, authentication protocols will require at least two of three different categories or factors to be recognised. Multi Factor Authentication can use any number of these three categories, while two-factor authentication methods (a subset of MFA) only require two.

This format is using a combination of the following:

The three categories for multifactor authentication
The 3 Multifactor Authentication Categories

What you know – the most common is of course the password, but as we’ve shown earlier this is not always the most effective. Other options such as a pin or even a phrase that is more engineered to something only you know can be a beneficial barrier against unauthorised access.

Organisations have used similar authentication questions such as “what is your mother’s maiden name?” but as many will have seen over the years, this is not fool proof and with a little digging of the users basic personal information can enable hackers to find the answers.

What you have – a physical barrier to unauthorised access using an item such as a key fob or mobile phone can be very effective. The likelihood of this getting into the hands of the potential hacker or individual with negative intent is very low. Typical physical solutions can include a mobile authentication app or readable item such as a staff card.

What you are – generally a unique physical identifier of authentication, this may be reserved for more extensive, sensitive data security to require a form of biometric authentication requirement. Anyone who has seen a movie on spy’s or espionage will have seen this in place in a more extreme sense but is becoming more accessible to a wider pool of businesses.

Though there are a range of possibilities across the three categories, evaluating the relative strength, costs and benefits it would bring to the user and the company will determine the best course of action to adopt.

Where can it be used?

Almost all digital applications or security tools will now offer the means to include multifactor authentication. A typical example of this would be in an office environment and the most common application – Microsoft 365 and Microsoft Authenticator.

Step 1: Open an application or browser to access your Microsoft 365 account

Step 2: You enter your username and password

Step 3: A prompt will appear requesting to verify your identity with your authenticator app code

Step 4: Open Microsoft Authenticator app on your mobile device or wait to receive an SMS message to see your time-sensitive code number.

Step 5: Type the code in the prompt and complete login

If all correct, you will now have access to your Microsoft 365. The above steps will only apply if multifactor authentication is enabled. This can be organised either via your application and supporting providers if personal accounts, or through your IT support for professional/corporate accounts.

How can we help?

Information Solutions customers can benefit for our dedication data security packages including Microsoft 365 license and security support.

To find out what data security solutions we can offer your business, speak to the team for a bespoke quote to meet your organisations needs.