The answer is simple. It works. Multi-factor authentication (MFA) is your single most effective control to deter remote attacks. It prevents cybercriminals from quickly gaining access to your infrastructure. Microsoft has gone as far as saying MFA blocks 99.9% of account compromise attacks.
According to a survey by Google, security experts include MFA among their top three items when it comes to security online. Even consumers (86%) indicate that MFA makes them feel like their online information is more secure.
With cloud computing, MFA is mandatory because users typically aren’t physically present; they access systems from anywhere, at any time. MFA protects credentials by requiring additional authentication factors. Those additional factors decrease the likelihood that a hacker accesses your network through a brute force attack, phishing attack, stolen hardware, or other means.
What is MFA or 2FA?
Sometimes referenced as two-factor authentication (2FA), MFA requires the presence of at least two credentials when logging into an account. It’s a core element of a strong identity and access management (IAM) policy.
MFA enhances your security by requiring users to identify themselves through more than a username and password. Brute force attacks easily compromise usernames and passwords. As a matter of fact, Verizon cited stolen login credentials as the top tactic used by hackers in its 2020 Data Breach Report. On top of that:
- 92% of organizations have credentials for sale on the Dark Web
- 61% of people use the same or similar password
- In 2018, “123456” and “password” were the top two password choices
- 81% of data breaches stem from weak or stolen passwords
MFA layers in additional security and requires a second authentication factor.
Where credentials are concerned, they fall into three categories:
- Something you know like a password, personal security questions, OTP, or PIN
- Something you possess like a debit card, smart card, token, fob, or OTP
- Something you are like your fingerprint, voice, retinal scan, or facial recognition
Those credentials must include two of the categories to permit access. If you’ve ever used your debit card and entered your PIN to withdraw money, you’ve used MFA.
Another example is one-time passwords (OTP). Maybe you’ve attempted to log in to a bank account, and you’ve received a 4-digit passcode to enter before being able to access your account. That’s MFA, too.
Credit: NIST/Natasha Hanecek
Often, you don’t even need to enter the second factor yourself. Most MFA approaches, for example, remember a device. So, if you use the same phone or computer, it’s recognized as the second factor.
Some organizations elect to deploy MFA based on risk. Risk-based MFA, also referred to as contextual or adaptive MFA, applies the additional factor where sensitive data or transactions may be affected. As such, it allows companies to improve security as warranted. For low-risk access, a username and password may remain the only required form of authentication.
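The category rule, the remembered device and the risk-based decision described above can be combined into one login policy. The sketch below is an added example, not code from any MFA product; the factor names, the `low` risk label, the HMAC-signed device token and `SERVER_KEY` are assumptions made for illustration.

```python
import hashlib
import hmac

# The article's three categories; the factor names are constructed for this example.
CATEGORY = {
    "password": "know", "pin": "know",
    "smart_card": "have", "hardware_token": "have", "otp_app": "have",
    "fingerprint": "are", "face": "are",
}
SERVER_KEY = b"constructed-demo-key"  # assumption: server-side secret for device tokens


def device_token(user, device_id):
    """Value stored on a device at 'remember this device' time, bound to one user."""
    msg = f"{user}|{device_id}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def device_is_remembered(user, device_id, token):
    if not device_id or not token:
        return False
    expected = device_token(user, device_id)
    return hmac.compare_digest(expected.encode(), token.encode())


def decide(user, verified_factors, resource_risk, device_id=None, token=None):
    """Return 'allow', 'step_up' (ask for another factor) or 'deny'."""
    categories = {CATEGORY[f] for f in verified_factors if f in CATEGORY}
    if not categories:
        return "deny"  # a remembered device alone never logs anyone in
    if device_is_remembered(user, device_id, token):
        categories.add("have")  # the recognized device stands in as a possession factor
    if len(categories) >= 2:
        return "allow"
    # One category only: enough for low-risk access, otherwise fail closed.
    return "allow" if resource_risk == "low" else "step_up"
```

A password plus a PIN is two credentials but one category, so high-risk access still triggers a step-up, and a device token issued to one user does not count for another.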
Multi-Factor Authentication Adoption Rates
Despite the apparent advantage MFA affords from a security standpoint, too many organizations fail to implement the practice.
A study by LastPass of 47,000 organizations worldwide found that a bit more than half (57%) adopted MFA. The good news is that at least that represents a 12% increase from the previous year.
Larger organizations use multi-factor authentication in greater measure. When looking at organizations of 10,000-plus workers, 87% of employees use MFA for login authentication. Those percentages drop significantly as organization size decreases.
When you consider that 31% of hacking attacks focus on companies with 250 or fewer employees, MFA makes a great deal of sense.
Industry influences adoption rates. Not surprisingly, the technology and software sector demonstrated the most significant adoption rate at 37%. Insurance and legal industries fall at the rear, with only 20% of employees using multi-factor authentication.
7 Benefits of Multi-Factor Authentication
Considering how quickly and easily MFA can be deployed, it’s surprising more SMBs don’t take advantage of its enhanced security. MFA reduces fraud and identity theft in great measure because hackers can no longer breach your network by cracking a password.
But multi-factor authentication delivers more than just enhanced security.
- Consumer Data: MFA protects consumer data from theft and creates a greater sense of security and trust.
- Compliance: Several compliance standards specify organizations use MFA for specific situations. PCI-DSS, for example, requires multi-factor authentication in some instances. HIPAA also requires MFA for medical records. Even NIST presents standards requiring MFA.
- Single Sign-On: MFA works in conjunction with Single Sign-On (SSO) solutions. SSO works by validating users through MFA during the login process. Once authenticated, they are logged into SSO software, giving them access to available apps without requiring multiple logins to each app. MFA combined with SSO also removes any risk of data loss through password misplacement.
- Zero-Trust: Apart from SSO, multi-factor authentication is critical to zero-trust security. It increases the likelihood the user attempting to sign in to the network is the person authorized to do so.
- Simple Installation: MFA is straightforward and among the least costly security solutions to implement. Equally important, it’s non-intrusive to your network and involves zero downtime when installed.
- Remote Access: Remote employees can log in and access corporate applications and resources from anywhere. Plus, they can do so without creating a security risk.
- Password Fatigue: NordPass reports that the average user has 100 passwords. For that reason, many users elect to use the same password across multiple accounts. Doing so runs the risk that if one account gets compromised, others will as well. MFA buffers this situation with an added security layer.
Putting MFA to Work in Your Organization
In the world of cybersecurity, using multi-factor authentication is a no-brainer. It’s easy to implement, cost-effective, and user-friendly. Microsoft Azure, for example, requires some simple steps for deployment in its environment. Best of all, it dramatically reduces cyber threats.