Why Your Password is Not Enough and How MFA Can Help
Updated: Jul 27, 2021
In today's world connectivity is absolutely everything. We treat technology as an extension of ourselves and in some cases, we feel incomplete when we don't have technology at arms reach.
This obsession with technology has been constantly on the rise with data from research company IDC revealing that the average kiwi owns 6.5 devices and has 67% percent of these connected to the internet, and it is fair to say that this number has only grown following numerous lockdowns, people working from home, and IoT devices.
Because of this, cyber security is a growing concern of the working individual. Many people have a range of devices that they use for work. Whether this is a smartphone, personal device or a desktop we seem to be always connected to something. The trouble is the more connected we are, the more vulnerable we become.
This growth in connectivity demands for us to have better security practices to ensure we avoid falling victim to malicious scams that can seriously hemorrhage an individual and comprise a business.
No longer are hackers trying to purely target large corporates or people in power, many individuals have found themselves in the crosshairs of hackers, making victims of everyone.
It is because of this we want to talk about a couple of prevantitive measures known as 2-factor and multifactor authentication (MFA) that businesses can implement.
These measures have been gaining traction in a number of business worldwide. This is especially the case for large businesses that have thousands of employees, where they are encouraged or required to use MFA, meaning these business are more likely to be significantly ahead of their peers when it comes to mitigating threats. In cybersecurity, doing the basics well often has the biggest impact on preventing the most common attacks, so expect to see more widespread usage of MFA across sectors in the coming years.
However, less than a third of the smallest businesses have employees using MFA.
We interpret this to mean that either businesses of 1,000 employees or fewer are less
familiar with MFA or it’s not a priority – which is understandable when you have IT
staff who are likely juggling many responsibilities and competing priorities. However,
according to the 2019 Verizon Data Breach Investigations Report, 43% of cyberattacks
are aimed at small businesses.
There for it is important to understand more about what these authenticators do and how they work.
Two-Factor Authentication (2FA) is readily available on almost every modern device and provides an extra layer of security. It is used to make sure that people trying to gain access to online accounts such as bank accounts or emails are who they say they are.
Without two-factor authentication, a person would normally enter a username and password. But, with two-factor, they are prompted to enter one additional authentication method such as a Personal Identification Code, another password or even fingerprint. Furthermore, With multi-factor authentication, a person would be prompted to enter more than two additional authentication methods after entering your username and password.
Realistically, you can come up with the most complex password in the world and change it regularly but this will not stop determined hackers from using hacking tools that look at lines of code and algorithms that may just by chance get the right combination of letters and numbers. This is not to say that proper password hygiene is bad, it is ideal to make a strong, unique password that you can easily remember, but you should not become complacent with just stopping there.
With multi-factor authentication, should a hacker breach the first line of defense (i.e username and password) they have to crack another more complicated layer in order to access your personal data. There are a range of apps that you can use to enable unique codes that change every few seconds or send SMS confirmations to verify your identity.
Finally, it is also important to realise that not all MFA processes are equal. Cyber criminals are becoming more advanced as technology develops, this means that something like a sim-swapping scam or Direct Denial of Service (DDoS) attack can circumvent an SMS authenticator or app.
If you are unsure about 2FA and MFA, or if you are not sure about which solution best meets your needs, chat with the team at ACS today and we can help maximise your security without minimising productivity.