Benefits of MFA: Security for a Network, Simplicity for End Users
It's a security-focused world these days. Many of us are still working remotely — if not full time, at least partially — and this opens up a lot of new avenues for malfeasance from the hacker community.
As a senior systems engineer, I understand the vital importance of properly balancing security with productivity. If you talk to our security engineers they would say they prefer a locked-down, zero-access policy, but that's not going to work in a real-world scenario.
We have to find security solutions that work without being a hindrance. These include multi-factor authentication (MFA) and strong passwords. But for any security solution to be effective, we also have to take the time to educate employees, customers, and their user base.
It’s not just about the stakeholders in the company that we deal with on a regular basis, but those end users. They're ultimately who we work for because it's our job to make sure they can get their job done.
So education becomes just as important as rolling out the security solution. The fact is that change is uncomfortable for people. It's important for people using the technology to be comfortable with it. Your IT organization needs to explain the technology, make sure you know how to use it, and be there as a resource if you have questions or need help.
Whether you work with an internal or external IT provider, I encourage you to call your support team if you run into issues or something's not working right, or you're just not sure if you're doing things correctly.
Multi-factor is the X factor
Multi-factor authentication is another layer of security on top of a traditional username and password. There's something you are (your username), something you know (your password), and something you have (your MFA token).
That token could be a code on your phone (which most of us have with us at all times), it could be a text message that you get, or it could be a physical token. But there are multiple ways to authenticate yourself and prove your identity.
Passwords can be hacked, they can be lost, they can be leaked on the dark web. MFA adds another layer of complexity that somebody has to get through before they can get to your data.
From an end user standpoint, with MFA we can transition employees to stronger passwords without the need to change a password, because now we have this third layer. We can ensure that you're secure while actually making it easier for people to do their job.
The password is ...
Password changes can be very stressful. You might not think so because it's such a simple action, but it’s been ingrained in people that it has to be random. “You can't use your name!” “You can't use your kid's name!”
I can walk up to someone’s desk and look around or just have a conversation. I can say, hey, when’s your son's birthday? How long have you been married? What’s your dog’s name?
From this nonchalantly acquired information, I can probably extrapolate something very close to the actual password. Too close for comfort, one might say. Or I can just pick up the keyboard, turn it over and read the sticky note attached underneath. I still see that a lot.
… not enough to get in
With MFA, if an employee did resort to the old sticky-note-under-the-keyboard trick, whoever puts that password in is going to get slapped in the face with “OK, we just sent a text message to your phone.”
Well, I don't have your phone so I'm not going to get in. And that is, in a nutshell, why we like MFA and why more customers and more businesses are embracing it. Ultimately it's not the be-all and end-all, and it's not the perfect tool to defeat cybercrime.
But, it makes it much more difficult for a hacker, or somebody who's determined to do bad things with your information, to get into not only your computer but the entire corporate network.
Put policies in place
Password policies can be as benign as using any eight characters all the way up to a complicated, 32-character, randomly generated password with every wingding symbol you could ever imagine. And it's only good for 45 minutes.
The latter of those two examples, albeit with some exaggeration, is going to be someone like myself who has an administrative account with administrative authority. We're never going to put that on an end user.
Passwords for everyday users should be about 12 characters with a combination of letters, numbers and symbols. And it's still advisable not to use actual dictionary words.
Algorithms are smart these days. Let’s say a password is “door21.” Even if written as D, zero, zero, R, two, one — let’s even add an exclamation point at the end just for good measure — the algorithm is going to say, “Hey, that's still a word, dude. There are O’s in there, they’re just zeroes.”
MFA can allow us to dial that back a little bit and still allow the use of passwords like “door21!” because as soon as that password is entered in, a code will be pushed to your phone. And that code is random and only good for 20 seconds. So just figuring out the password is no longer enough for hackers to access your data.
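The password check described above (about 12 characters, a mix of letters, numbers and symbols, and no dictionary words even when zeroes stand in for O's) can be sketched as follows. This is an added example, not code from the author or any product; the word list and substitution table are small constructed samples, and the function names are hypothetical.

```python
import re

# Constructed mini word list; a real deployment would load a full
# dictionary and a breached-password list instead (assumption).
WORDS = {"door", "password", "summer", "welcome"}

# Look-alike characters mapped back to the letter they imitate
# (constructed sample table, not exhaustive).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

MIN_LENGTH = 12  # the everyday-user length the article recommends


def find_dictionary_word(password):
    """Return a dictionary word hidden in the password, or None."""
    lowered = password.lower()
    # Test the spelling as typed and with substitutions undone.
    for candidate in (lowered, lowered.translate(LEET)):
        for run in re.findall(r"[a-z]+", candidate):
            for word in WORDS:
                if word in run:
                    return word
    return None


def check_password(password):
    """Return a list of policy violations; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if not re.search(r"[A-Za-z]", password):
        problems.append("no letters")
    if not re.search(r"\d", password):
        problems.append("no numbers")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no symbols")
    word = find_dictionary_word(password)
    if word:
        problems.append("contains dictionary word '%s'" % word)
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, including the article's "door21" example.
    for sample in ("door21", "D00R21!", "P@ssw0rd2024!!", "tq7#Vm2!xLz9"):
        print(sample, "->", check_password(sample) or "ok")
```

Where MFA is enforced, an administrator could relax `MIN_LENGTH` or the dictionary rule, which is the trade-off the article describes.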
MFA is easy to use and hard to beat. Most importantly, it’s a crucial, extra layer of protection beyond a traditional password. It’s the “something you have.” And that something is security.
What's The Bottom Line?
The bottom line is that MFA is another layer of protection that keeps your network safe.
At Kelser, we provide MFA for all of our clients as part of our comprehensive managed IT support services offering. Having said that, I know that managed IT isn't the right solution for every organization. That's why I'm writing this article, so you have the information you need to protect your organization whether you work with us or not.
You may have the internal IT resources to implement MFA or you may need help from an external IT provider. If you are considering external IT support, we encourage you to explore several options so you get one that is the right fit for you.
If you are just beginning that process, check out this article which details the 10 best questions to ask an IT provider.
Still not sure about MFA? Read this article where we unveil the truth about 3 common multi-factor authentication concerns.