Why multifactor authentication is a must for your cyber security!
Multifactor authentication (‘MFA’), also known as two-factor authentication (‘2FA’), is software that protects your apps and online accounts from unauthorised access or cyber-attack even if your usernames and passwords have been compromised or stolen.
Do you currently use passwords to protect access to your apps and online accounts? That is, are you relying on your login procedure of username and password to keep your apps and online accounts protected from unauthorised or malicious access?
Do you realise that your login process, whilst needed, does not give you enough protection to ward off cyber-attacks or malicious misuse of your apps and online accounts? The Australian Federal Government, alarmed at the ongoing rise in cyber-attacks on Australian businesses and citizens, is actively promoting use of multifactor authentication as an imperative additional measure to elevate your online security. Refer to ‘Implementing Multifactor Authentication’ by ACSC (Australian Cyber Security Centre, www.cyber.gov.au).
(MFA is one of two key, layered security measures recommended by ACSC to protect your online data and accounts. Each layer gives you a different level of protection. MFA gives you the security of reactive protection for your online apps and accounts while the second layer gives you proactive^ 24/7 monitored security that works wherever you use your device. ^Please refer to ‘Have Business-Centric Cyber Security’ in this article for more details.)
Relying on passwords for your cyber security is similar to locking your front door but leaving all your windows open. MFA, on the other hand, locks the ‘doors and windows’ on your apps and online accounts and acts like a guard dog ready to respond if bad guys find your spare keys. Multifactor authentication is a must to keep you cyber safe.
But what is multifactor authentication? How does it work and is it difficult to use?
What is Multifactor Authentication?
Multifactor authentication is an additional ‘layer’ of security software used to protect your apps and online accounts from unauthorised use or malicious attack. MFA continues to shield and protect your apps and online accounts even if your username and password have been compromised or stolen.
How does MFA work?
MFA adds an identity check (PROOF) to all login requests to access your online accounts and apps. Access can only be gained to your online accounts and apps through the combined use of your login details and your smartphone.
Is MFA difficult to use?
In talking with users, I find their biggest concern around adopting MFA is the added complexity it adds to accessing online accounts and apps. Speaking from my own experience, once properly set up, MFA is easy to use, especially as, like most people, I always have my mobile with me. Yes, MFA does add another step, but that’s what makes it more difficult for hackers or disgruntled associates to break into your accounts.
For a brief and slightly more in-depth look at how MFA works and how easy it is to use, please refer to Managed Service Provider itro’s info sheet itro-MFA-Info-Brochure.pdf.
Is MFA ‘unhackable’?
Turning on two-factor authentication makes it a lot harder for hackers to access your online accounts and apps, but not impossible. A particularly determined hacker who has acquired your username and password could steal your phone or spoof your phone number to gain access to your messages to intercept MFA requests, but that would be a very targeted attack.
Why giants like Google are making MFA/2FA compulsory
On World Password Day (6 May 2021) Mark Risher, Director of Product Management, Identity and User Security, Google, announced Google LLC is going to make MFA compulsory for all account holders under the banner, ‘A simpler and safer future – without passwords’. Why? Mark Risher answers:
“You may not realize it, but passwords are the single biggest threat to your online security – they’re easy to steal, they’re hard to remember, and managing them is tedious…
Unfortunately, even the strongest passwords can be compromised and used by an attacker – that’s why we invested in security controls that prevent you from using weak or compromised passwords…
Soon we’ll start automatically enrolling users in 2SV (Google’s two-step verification process) if their accounts are appropriately configured.”
I find this really interesting. The company I work for, Melbourne-based MSP itro, along with software developers and cyber security experts globally, has been encouraging users and clients to adopt layered security measures for a number of years, yet response from businesses and Firms has been slow. Unfortunately a lax attitude and/or misunderstanding of the magnitude of cyber threats affecting businesses has created a minefield of hidden online dangers. How? We live in the age of The Internet of Things (IoT), with billions of physical devices around the world collecting and sharing data. Whilst your business or Firm may have implemented key steps promoted by the Australian Government to protect your business from cyber threats, your affiliated suppliers, clients, contractors or stakeholders may not. Their compromised systems can be used by hackers as ‘backdoors’ to your online business and data.
Knowing the risk is enormous, and growing, Google has chosen to start enforcing baseline security measures for their account holders by making two-point, or multifactor, authentication mandatory. What does that tell you? That Google LLC, with all its vast technical and people IT resources, is choosing to mandate use of MFA for its connected subscribers?
Protect your SME or Practice from cyber threats
Promote a ‘security culture’
With random acts of cyber-crime endemic and targeting both consumer and business users, it’s important that you and your team develop a ‘security culture’ when it comes to all online activities. Always pay attention to suspicious emails and alerts; before transferring money or changing account details always take the time to directly phone whoever is supposedly making a request; and remain vigilant.
Have business-centric cyber security
All online users should adopt MFA/2FA for the added protection it gives to your online accounts and data. Is adding MFA enough to protect businesses? It’s better than relying on passwords and antivirus but the best defense against cyber threats is having layers of security measures that work together to protect your devices, apps, online accounts and data. In line with ACSC’s ‘Essential Eight’ cyber security recommendations, Managed Service Provider itro highly recommends you initiate 5 essential steps to protect your business from cyber threats:
- Stop a threat from reaching your ‘front door’
- Don’t let it through your ‘front door’
- Stop or slow down the spread if it gets into your network
- Perform regular data backups
- Keep up with software updates.
Whilst MFA and antivirus help you with the first two steps, they do not alert you or stop your systems from being compromised if a hacker gains access to your online accounts or data. However, you can be alerted and stop, or slow, the spread of a cyber attack by integrating another layer into your IT security measures – proactive 24-7 monitoring of all your internet-enabled devices with itro Endpoint Protection.
When you subscribe to MFA and itro Endpoint Protection through one of itro’s Managed Support Plans you gain the peace of mind of proactive 24/7 cyber security, regardless of where your team works from – either within your protected office environment, offsite or remotely. NB For more information on the role antivirus plays in your cyber security, please read my article, ‘Antivirus and Cyber Security’.
Don’t rely on passwords
Why are passwords not enough to protect your online accounts and apps? Because passwords are surprisingly easy to crack. For starters, people are still using obvious passwords such as ‘123456’ or ‘password’. As of 2020 ‘123456’ is still the world’s most commonly used/easily abused password. That fact makes cyber security experts around the world tear their hair out as they struggle to understand why people keep making the same bad password choices year in, year out. But let’s face it, most of us have enough to think of without adding difficult-to-impossible-to-remember passwords to our lives! Sadly, dishonest people and hackers count on that!
Technology to crack your passwords
The second reason passwords are easy to break is technology! Software is available online to anyone who wants to crack passwords. Google ‘breaking/cracking passwords’ to get an idea of how much information, videos and help is available online for people wanting to break passwords. It doesn’t make for comfortable viewing!
This is why you should only ever use complex passwords to protect your online accounts. (NB Using a Password Manager app, such as LastPass, helps you generate complex passwords and store them in a secure online account you can access, using MFA, from your device or smartphone). However, complex passwords in themselves aren’t a guarantee your online accounts won’t get hacked. They protect you from opportunistic attacks and will delay hackers who use technology to crack your passwords, but they are not infallible.
- MFA gives you the security of reactive protection for your online apps and accounts.
- Endpoint Protection gives you proactive 24/7 monitored security that works wherever you use your device.
For more details on itro Endpoint Protection, please read my article, ‘Only itro Endpoint Protection keeps you cyber safe 24-7’.
If you have any questions in relation to cyber security, MFA, itro Endpoint Protection, or are concerned your current IT security measures are inadequate, please call itro now on 1800 10 3000. Our engineers will happily answer your questions and you can request our free IT consultation.