Monday, January 11, 2021

MFA – A requirement, no longer a choice.

If you do not have Multi-Factor Authentication (MFA) in place yet, get a move on! If by some chance you have selected this post to read and do not understand MFA let us provide a brief definition.

MFA – sometimes known as 2 Factor Authentication – requires users to sign in with two out of three of the follow credential types – something you know (e.g., password), something you have (e.g., application on your phone), or something you are (e.g., fingerprint).

While many organizations have made the shift to using MFA, there are still some that are struggling to get this technology in place – due to timelines, budgets, or just overall understanding of its benefit. Today, it is no longer a nice-to-have to implement MFA, it has really become a requirement. A layer that is a must have for all institutions. Phishing campaigns have made it easy business for attackers to gain credentials from unsuspecting employees and gain unauthorized access into company networks. If MFA is in place and enforced, once the attacker tries to leverage the password harvested to gain access to company systems, they would be stopped, not having the second factor available to complete the login.

MFA is not perfect, but when organizations finally make the move, it brings some peace of mind. While the sentiment was that MFA would render all phishing or password stuffing irrelevant, as we know now, it did not, but none-the-less it does stop many attacks from full success and unauthorized access.

As an aside, MFA is now available on many consumer services and we urge all users to enable this throughout their personal accounts as well (e.g., Gmail, Facebook).