What is Multi-Factor Authentication (MFA)
Multi-Factor Authentication (MFA) is an added security measure that requires users to provide extra verification to gain access to resources such as accounts, applications or even a VPN. With all the advancement in cyber attacks, a password is very little protection as most users often choose weak passwords, re-use the same password across multiple applications or even store passwords in locations that are not secure. It is proven that more that 75% of people aged 18 and up re-use the same password across multiple accounts.
Once a password is stolen, hackers will then use the credentials to log into applications and business systems and can cause some serious damage to businesses and/or personal lives. By enforcing extra layers of security across your accounts it complicates it for hackers to get into your accounts. Multi-factor is designed so even if your username and password were compromised they don’t have the extra piece of security to get into your account which is Multi-Factor Authentication. This gives user a piece of mind
How Does It Work?
Multi-Factor Authentication typically requires a combination of a random generated code. Some Multifactor Authentication options include, but are not limited to:
- SMS Token
- Authentication App
- Random Pin
- Physical Token
SMS token are recommended for most users as during a login of an account, the system automatically send the linked mobile number with a text message that the users will have to manually enter in before gaining access to the account. Without the mobile phone in front of you, you will not be able to access that account.
It is recommended that if you ever get a Multifactor notification and it is NOT you requesting it, you contact Sterling IT immediately as it could mean that your username and password is compromised and someone is trying to get into your account.
If you have any concerns or would like to enquire about enabling this for your business or personal accounts, please reach out to Sterling IT for assistance/guidance.
Challenges around Multi-Factor Authentication
Multi-Factor Authentication just like any other form of security comes with some challenges for users:
- If a user loses their mobile phone or personal device that is associated with the Authentication method, the user will not be able to sign in where MFA is required.
- MFA requires an internet connection, if a business or user was to experience an internet or network outage, users will not be able to sign in.
- Most MFA have a auto-sign out policy, which means after a certain period of time (normally 90 days) you will have to re-enter your MFA in with a newly generated code