Why is multi-factor authentication so important?

A password isn’t enough for modern-day security – it’s time to layer up

Multi-factor authentication is a bit like having a flu jab or an annual physical: you know you should do it, and you know it's good for you, but it's also a time-consuming faff. Besides, you didn't catch flu last year and you feel completely healthy, so why bother?

In the same way, multi-factor authentication can seem like an unnecessary extra hurdle to jump over in order to get at the data you need, be that logging into your email or accessing a corporate database. A single-factor system, such as a unique password, has worked fine until now (or so it seems), so why bother gilding the lily?

The reality, however, is the same as with health: just because you didn't get an infection previously doesn't mean you won't get one this year, and just because everything seems ok on the outside doesn't necessarily mean there isn't a problem lurking deep inside.

Frankly put, not using multi-factor authentication can be a seriously reckless course of action.

What is multi-factor authentication?

Before getting much further, it's worth considering what we mean by multi-factor authentication.

In short, it's where a user has to input one or more additional security details as well as their password, PIN code or similar, in order to gain access to whatever information or service is protected by these measures.

A common example of this is the sending of a one-time security code by text to a phone number associated with the account. Administrators (or, if it's a consumer product, the user) can decide with what frequency this second verification step has to be completed, whether it's for every day, every week, every month, each time a new device is used, or whichever parameters or combinations of parameters they wish.


Other examples include a number randomly generated by an external device, such as a key fob, a dedicated phone app that is used to confirm a genuine logon attempt, or a biometric scanner. The last of these can be found in security systems such as Microsoft's Windows Hello, built into Windows 10, which offers a way to strengthen authentication through fingerprint and facial recognition.

None of these represents multi-factor authentication in its own right, however; they must be used in conjunction with each other and/or a password.
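The two ideas in this section, an administrator-chosen schedule for the second step (every so often, or on each new device) and the rule that one factor alone is not multi-factor, can be written down as a small policy check. This is an added example, not code from the article or from any product; the factor names, their grouping into knowledge/possession/inherence categories, the `Policy` fields and the function names are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed grouping: something you know / have / are.
CATEGORY = {
    "password": "knowledge", "pin": "knowledge",
    "sms_code": "possession", "key_fob": "possession", "phone_app": "possession",
    "fingerprint": "inherence", "face": "inherence",
}

@dataclass
class Policy:
    reverify_every: timedelta = timedelta(days=7)  # how often the second step repeats
    challenge_new_device: bool = True              # always challenge an unseen device

def is_multi_factor(presented):
    """True only if the verified factors span two or more categories."""
    return len({CATEGORY[f] for f in presented if f in CATEGORY}) >= 2

def second_step_reason(policy, last_verified, device_id, now):
    """Why a second step is due on this device, or None if it can be skipped."""
    last = last_verified.get(device_id)
    if last is None:
        if policy.challenge_new_device:
            return "new_device"
        # Device is not tracked separately: fall back to the newest check anywhere.
        last = max(last_verified.values(), default=None)
        if last is None:
            return "never_verified"
    if now - last >= policy.reverify_every:
        return "interval_elapsed"
    return None

def evaluate_login(policy, last_verified, device_id, presented, now):
    """presented: factors already verified for this attempt (primary included)."""
    reason = second_step_reason(policy, last_verified, device_id, now)
    if reason is None:
        return ("allow", "second_step_fresh")
    if is_multi_factor(presented):
        last_verified[device_id] = now  # record the completed second step
        return ("allow", reason)
    return ("challenge", reason)

if __name__ == "__main__":
    # Constructed sample run: one account, default weekly policy.
    seen, t0 = {}, datetime(2020, 3, 1, 9, 0)
    print(evaluate_login(Policy(), seen, "laptop", ["password"], t0))
    print(evaluate_login(Policy(), seen, "laptop", ["password", "sms_code"], t0))
    print(evaluate_login(Policy(), seen, "laptop", ["password"], t0 + timedelta(days=3)))
```

Note that a password plus a PIN still produces a challenge here, because both are things the user knows.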

Why is multi-factor authentication important?

Passwords are the most common form of login authentication across the spectrum of technology. But they're also incredibly fallible.

One of the main failing points of passwords is they rely on the individual remembering them, which leads to the use of weak passwords. If the password is memorable, it's often a "dictionary password" (a real word that could be found in the dictionary or a slight modification thereof, or perhaps a person's name) or it's something personal to the individual, such as their mother's maiden name or the town where they grew up.


If the person's account comes under attack from cyber criminals, both of these are easy to crack depending on the method being used. A targeted attack could use social media to find out details about the individual's personal life, while a phishing attack could try to lure them into handing over these details. Memorable passwords, meanwhile, can be cracked by special software within seconds. Indeed, even long and complex passwords can be cracked, meaning even best practice isn't enough any more.

This isn't to say that passwords are useless; they're still the best first line of security we have for most services. But multi-factor authentication means that even if a determined and skilled attacker is able to get past this initial stage of defence, they will be thwarted by the request for a second, separate form of identification.

Rolling out multi-factor authentication

As with any new technical initiative, rolling out multi-factor authentication is both easy and hard.


From an administrative point of view, it will often be a case of simply adjusting security settings of any given software, app or service to require all users to set up multi-factor authentication.

From a practical standpoint, however, there will certainly be resistance from at least some staff and maybe even most. While there's no way to avoid this completely, we're sorry to say, it can be reduced and mitigated.

First, ensure that you have the rest of the board supporting you. Nothing will cause any initiative to fall through quicker than if you don't have the support of the highest levels of management.

Next, ensure that you have communicated what's happening to other divisional and team managers and why it's important. If possible, get them to participate in a pilot program so that they can see how it will work in practice. This will help increase buy-in at this level and also mean you can avoid tickets being raised for simple questions thanks to peer support.

Make the IT team available at the point of implementation to help guide the process and troubleshoot. Nothing will aggravate people more when they're already facing a technical difficulty than feeling they've been left high and dry by the people who are supposed to help them.

Finally, make it simple. If your company issues smartphones to employees, then pushing out an authenticator app to all devices may be quite simple to achieve, although there will be some additional training involved. On the other hand, if you operate on a partial or complete BYOD (Bring Your Own Device) basis, then it's almost certainly easier to have all users associate their mobile number with their account and use text message-based authentication. Simplicity such as this means less support and maintenance for the IT team and a much lower level of learning and adaptation for users.

Ultimately, there's no 100% foolproof way to protect data, but multi-factor authentication bolsters defences significantly for relatively little effort or investment. And, with careful implementation, it can be relatively pain-free too.
