When you enable multi-factor authentication (MFA), you add a critical layer of identity verification to your organization, but it is not foolproof. By requiring multiple forms of verification, MFA makes digital identities more secure and significantly strengthens an organization’s defense against unauthorized access. This article reviews the strengths and potential weaknesses of MFA, especially for small to medium-sized organizations.
What Is Multi-Factor Authentication and Why Enable It?
Multi-factor authentication, or MFA, refers to using two or more types of user verification factors (e.g., something they know and something they possess) before access is granted to a website, application, account, or other digital service.
It provides an additional layer of security to prove that the user is who they say they are and not an impostor. Even if a user’s first layer of credentials is compromised, attackers cannot access company accounts and information without that second or third piece of authenticating data.
For example, to gain access, in addition to entering a username and password (what they know), a user can receive a one-time code on their phone via an MFA application such as Google Authenticator or Microsoft Authenticator, or by SMS text message. Increased security can also be gained by using a YubiKey. Yubico is a leader in MFA hardware solutions.
The user possesses a YubiKey loaded with the user’s authentication information. Mobile solutions also provide biometric fingerprint and facial scans as a form of MFA. Enabling MFA is encouraged whichever login method is used.
The Benefits of Enabling Multi-factor Authentication (MFA)
MFA offers several benefits to organizations, including:
- Adds an extra layer of identity management to confidential digital assets. Even if a username and password are stolen, attackers need another credential to enter the network. According to Microsoft, MFA can prevent 99.9 percent of attacks on your accounts.
- Supports remote workers and mobility. With more people working from home, hackers increasingly try to intercept credentials on unsecured network connections. MFA solutions can additionally be configured to verify things like location and device so the organization can confirm it is an authorized user working from a known location.
- Control and traceability over access. MFA gives a company complete control over who can access digital assets and a record of every login.
- Aids in regulatory compliance. MFA helps businesses comply with federal and institutional regulations (e.g., HIPAA) regarding privacy and cybersecurity. It can be a requirement for cyber insurance coverage.
- Insulates against threats from lost or stolen technology. Should a mobile phone or device be stolen or misplaced and the screen lock be hacked, its information remains secure if an external MFA verification method is enabled.
- Reduces weak password use and reuse. When you enable multi-factor authentication (MFA), you create an extra layer of security against weak passwords being used and reused.
The Potential Drawbacks When You Enable Multi-factor Authentication (MFA)
The use of MFA is not without its risks, however.
- Lost access. Users can be locked out of their accounts and applications if they cannot provide the additional verification factor(s). Backup codes are essential.
- Too many hoops. Some users find the MFA process too complicated or cumbersome and deactivate the service. With Passpack, the administrator can implement Password and MFA policies across an organization.
- Secure third-party integration? A third party, such as an email or text message provider, must send MFA credentials and tokens to process the verification code or security question. These services may not be secure, particularly SMS text messaging used to send one-time verification codes. YubiKey avoids third-party integration.
The Passpack Password Manager Business Plan supports three forms of MFA: Google and Microsoft Authenticators plus YubiKey hardware-based devices.
Should a Passpack user lose access to their Google or Microsoft Authenticators, ten emergency codes are provided that enable users to log in and reset their MFA preferences. Passpack strongly supports the implementation of the YubiKey for the highest level of MFA protection.
Passpack Endorses and Supports Enabling Multi-Factor Authentication (MFA)
Passpack recommends that businesses of every size enable Multi-Factor Authentication (MFA). See firsthand how using the Passpack Password Manager with MFA is the ultimate combination for keeping all your data safe and sound. Visit us at www.passpack.com and try our service risk-free for 28 days.