MULTI-FACTOR AUTHENTICATION |
|
Multi-Factor Authentication is one of the most effective ways of improving account security and is now required by most major insurance carriers for cyber liability insurance.
WHAT IS AUTHENTICATION?
Authentication is the action of validating a user’s identity. While there are a lot of different methods that can be used for this, they tend to fit into three main categories:
-
Something you know – E.g. A password, other private information
-
Something you have – E.g. A hardware token, a physical key, a specific device
-
Something you are – E.g. Biometric data, fingerprints, facial recognition
WHY DO WE NEED MULTI-FACTOR AUTHENTICATION?
The most common authentication method is a username and password. We use passwords constantly for logging into services and sites across the internet and it has been the standard since computer security started.
However, passwords have a lot of flaws. As humans, we are not good at remembering lots of random data and therefore we tend to pick easy to remember, but weak passwords. There are protections we can use against this, such as password managers, password policies, and user training, and all these things should still be implemented. Unfortunately, this is often not enough.
According to Verizon’s 2021 Data Breach Report, 61% of breaches leveraged compromised credentials. A very common example of this is phishing emails. A malicious actor sends a phishing email and convinces a user to input their username and password on a fake site. They now have access to that user’s credentials and can log in as them. Depending on the credentials, this could give the attacker very damaging access. |
|
HOW IT WORKS
The answer to this is Multi-Factor Authentication (MFA), also referred to as two-factor authentication. With this approach, instead of using one of the authentication methods, we use two or three from different categories. This gives a substantial boost in security.
For example, let’s say we add a hardware security key as a second authentication method. Now, when you authenticate to a computer, you are required to provide both a password and to plug in the security key. The computer will only authenticate successfully if both methods are provided. If we look at our previous example, the attacker now has access to the user’s password, but they also need physical access to the smartcard. This means they must travel to the location of the user and steal the smartcard to gain access. For many attackers, especially foreign cybercrime groups, this is not a feasible possibility and this method of attack is stopped in its tracks.
|
|
HOW DO I IMPLEMENT?
As an individual user, many places you login already offer Multi-Factor Authentication, it just has to be enabled in the settings. The 2FA Directory is a website that has entries for many online services and whether they support Multi-Factor Authentication.
For organizations, authentication options can be more complex depending on the environment and organizational needs. However, as Multi-Factor Authentication becomes more prevalent, the ease of configuration is increasing.
Both Microsoft and Google have Multi-Factor Authentication methods built into their cloud email and directory offerings. Other services such as Duo and Okta, offer authentication services that integrate with many other platforms and can be woven into a more complex infrastructure.
|
|
REGISTER NOW
Join us for a FREE LIVE CYBER WEBINAR on Wednesday, August 24, at 1 p.m. to learn more about Social Engineering, Phishing, and Multi-Factor Authentication.
Matthew Johnson, Associate Vice President, Information Technologies for Schauer Group will lead an informative session on these topics and answer questions live.
It is rapidly becoming expected—and in some cases required—for you to show a level of compliance with these activities in order to be considered eligible for cyber liability insurance. Register for this free live webinar below to learn more.
|
|
|
Cyber Webinar: Social Engineering & Multi-Factor Authentication
|
|
|
LOCATION
Virtual via Webex
DATE AND TIME
08/24/22 1:00pm
-
08/24/22 2:00pm
|
|
|
|
|
|
|
|
Need more cyber resources?
Visit our online Cyber Portal to access articles, assessments, and best practices to help protect yourself and your business.
|
|
|
|
Canton | 200 Market Ave. N, Suite 100, Canton, Ohio 44702
Cleveland | 9200 South Hills Blvd., Suite 145 Broadview Heights, OH 44147
|
|
|
|
|
|
|
