By Anita Byer, Setnor Byer Insurance & Risk
Did you know that the majority of data breaches are driven by credential theft? Hackers are constantly probing the Internet trying to steal login credentials. One uninformed or unsuspecting user or one careless act, and that’s it. Your world is now their oyster. Fortunately, there is a simple way to keep this from happening. It’s called multi-factor authentication, and it’s very effective. In fact, according to Microsoft, MFA can block over 99.9 percent of account compromise attacks.
Multi-factor authentication (MFA) is a security process that requires more than one method of authentication from independent sources to verify a user’s identity. In other words, a person cannot access a system or account without first providing two or more authentication factors (credentials) that uniquely identify that person. These credentials can be:
- Something You Know (password, PIN, security question)
- Something You Have (security token/app, verification via text, call or email)
- Something You Are (fingerprint, facial recognition, voice recognition)
A common form of MFA requires users to enter their username and password (first factor). The system will then generate and send a unique one-time code (second factor) to the user’s phone or email. If this code is not entered before it expires, account access will be denied. The level of security increases with each authentication factor added to the login process. As you can see, MFA requires hackers to steal more than just your password to access your accounts, like your phone or your thumb(print).
According to the Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA), MFA should be used whenever possible, particularly for systems, networks and accounts containing sensitive financial, business or personal data. MFA should also be deployed to Internet-facing systems, such as email, remote desktop and Virtual Private Network (VPNs).
MFA makes it very difficult for hackers to access personal or business systems, networks and accounts, like remote access technology, email, ACH and billing systems, even with the password. While some accounts require MFA, others make it optional. If you have the option to enable MFA, do it now. Systems that still don’t have MFA capabilities are way behind the curve, and should probably be avoided.