In today’s world, those organizations not using multi-factor authentication are placing their employees, students, customers, etc. at risk. An analysis of recent breaches will show that if there had been additional authentication factors, many of the breaches probably wouldn’t have happened.
What is Multi-Factor Authentication (MFA)?
Multi-factor authentication is a method of access that requires more than just a password. It adds a second layer of security to help prevent anyone other than an authorized individual from gaining access to a secure system. Access with MFA requires two different types of authentication, drawn from the following:
- Something you know – like your username and password
- Something you have – like a USB hardware token, mobile device, or phone that allows you to confirm your identity
- Something you are – biometrics like a fingerprint, retinal scan, or facial recognition
How does it work?
Many users reuse the same passwords across multiple accounts, meaning that if a hacker gets one set of credentials, many online accounts could be compromised. With MFA, even if hackers are able to successfully phish a login ID and password from a vulnerable user, acquire passwords through installed malware, or discover credentials through password spraying, without that second factor, they are unable to successfully access a system that has MFA deployed.
Implementing multi-factor authentication
Many businesses, colleges and universities, and financial organizations have adopted multi-factor authentication. Although it typically begins with system administrators or people with privileged IT access, with the increase in phishing, many are also extending it out to staff, students, and even customers with login-required accounts in order to ensure everyone is protected. A report from Digital Citizens Alliance last year revealed that over 13.9 million e-mail addresses and passwords belonging to faculty, staff, and students at the 300 largest higher education institutions in the US were bought and sold on the dark web.
There may be some initial pushback from those who fear it will make access to systems more difficult or time-consuming, but in reality the additional step isn’t much more trouble. Remind users that they are already using MFA in other places, like their online banking, and use real-world examples of breaches or fraudulent activities that have occurred due to systems without MFA being compromised. Most users adjust quickly and appreciate the effort the organization is making to protect information.
If you are struggling to achieve buy-in from your executive team, you may also want to refer to our previous article on MFA for strategies on how to get your faculty and staff on board. Please don’t hesitate to reach out to us with any questions.