Passwords are just the beginning
Authentication is the process of identifying users that request access to a system, network, or device. For your phone that could be a four-digit PIN; for most logins it is a username and password.
As long as you remember that password and input it correctly, voilà, you’re in. Simple, but should it be so simple where your business is concerned?
Good security requires layers; that’s as true for any physical space as it is for your digital systems. Don’t stop just because you’ve fitted a lock to the door.
For most people, the only thing protecting their account from intrusion is a username and password. With this information, a criminal has the one key to the one lock separating them from your data and systems.
If you’re going to hinge your business’s security on a password, you had better make sure it’s a good one. But is it?
Reusing an old reliable password for everything is tempting because it guarantees you won’t forget it, but you will regret it if someone else gets hold of it. Your one key that fits all your locks has been taken.
This is the dream scenario for every cyber criminal when they launch a phishing attack on a business to gather your username and password: if it unlocks one account, it will probably unlock others.
A password manager creates and remembers complex passwords for you, which is a fantastic tool for keeping track of dozens if not hundreds of usernames and passwords. But if a password is compromised you are still exposed after your one layer of protection is gone. Passwords are important, as a first layer in the authentication process, but you can do more.
MFA (Multi-Factor Authentication) is a step away from our dependency on usernames and passwords.
“One simple action you can take to prevent 99.9 percent of attacks on your accounts”
Melanie Maynes, Senior Product Marketing Manager, Microsoft Security
That simple action is enabling MFA. As the name suggests, MFA puts more factors between a legitimate user or hacker and a successful login attempt.
Multi & Two Factor Authentication
Multi-Factor Authentication (MFA) is a type of authentication that requires two or more factors of authentication. Two-Factor Authentication (TFA) is a type of authentication that requires exactly two factors of authentication.
Whether it is MFA or TFA, you are securing your systems behind additional layers of security, which is an improvement upon relying on the standard username and password requirement. The more factors you use, the more secure you are, but there is a security-to-convenience balance that must be achieved for the sake of your employees’ compliance with the policy.
Methods of Authentication
We’ve all been using TFA for years; every cash machine you’ve ever used has required two-factor authentication from you. You need both your PIN (something you know) and your card (something you have) to access your bank account.
Imagine a world where you only needed your PIN to withdraw money, or rather, someone else only needed your PIN to withdraw your money. The card is another factor that keeps your assets safe.
What about your business’s cyber security?
The idea with MFA is that even if your username and password have been stolen, a hacker still can’t bypass factors 2 or 3, because they lack a whole new component, perhaps your phone or your fingerprint.
There is a variety of methods you and your employees could use to best suit your needs.
- Something users know:
  - Passwords.
  - PIN numbers.
- Something users have:
  - Authenticator app.
  - Phone call.
  - Email.
  - Text message.
  - Key/key cards/fobs.
  - RSA Tokens.
- Something users are:
  - Eye scanners.
  - Facial ID scanner.
  - Fingerprint.
  - Speaker Recognition.
A standard MFA procedure might be as follows:
Factor 1. Username and password (ideally saved in a password manager).
We offer Keeper password manager. It’s very secure, and very easy to use. And it provides lots of advanced functions that are really useful for businesses such as:
- Secure password sharing between staff members.
- Auditing, not just of login but of individual password access.
- Single Sign On (SSO) – so you can use your Microsoft 365 credentials to access it for example.
- Security scoring of your passwords.
- Dark web monitoring of all your passwords to identify any leaked passwords.
Factor 2. Authenticator apps link your accounts with a time-based one-time password.
Microsoft Authenticator is a great tool for Microsoft customers, but for businesses we offer Keeper, which has inbuilt two-factor authentication.
Factor 3. Complete a fingerprint or facial scan.
Microsoft’s own Windows Hello system is a secure way to get instant access to your Windows 10 devices using a PIN, facial recognition, or fingerprint. You’ll need to set up a PIN as part of setting up fingerprint or facial recognition sign-in, but you can also sign in with just your PIN.
Part 4. You have been successfully authenticated.
These additional factors of authentication make it so that your username and password are no longer the be-all and end-all of your security, stopping the effectiveness of phishing attacks against your business.
Security and convenience: finding the balance
No one wants a safe so confusing you can’t open it.
The best security systems in the world are pointless if people are not using them. Use the factors that keep you secure and work for the needs of your employees and business.
It is all about finding that sweet spot, where your business is secured, without getting bogged down in the technical side of things. Pick the MFA options that are best for you.
Call to action: Enable MFA
Multi-Factor Authentication really does make your business exponentially safer from cyber attacks, potentially for free and with just a little effort.
Here’s how to activate MFA on some of your most used accounts, Microsoft and Google.
Once it is enabled and set up efficiently, you’ll barely notice it as you continue doing what you do best, running your business.