Sponsored

Why is multi-factor authentication so important?

A password isn’t enough for modern day security – it’s time to layer up

Multi-factor authentication is a bit like having a flu jab or an annual physical: you know you should do it, and you know it's good for you, but it's also a time-consuming faff. Besides, you didn't catch flu last year and you feel completely healthy, so why bother?

In the same way, multi-factor authentication can seem like an unnecessary extra hurdle to jump over in order to get at the data you need, be that logging into your email or accessing a corporate database. A single-factor system, such as a unique password, has worked fine until now (or so it seems), so why bother gilding the lily?

The reality, however, is the same as with health: just because you didn't get an infection previously doesn't mean you won't get one this year, and just because everything seems OK on the outside doesn't necessarily mean there isn't a problem lurking deep inside.

Frankly put, not using multi-factor authentication can be a seriously reckless course of action.

What is multi-factor authentication?

Before getting much further, it's worth considering what we mean by multi-factor authentication.


In short, it's where a user has to input one or more additional security details as well as their password, PIN code or similar, in order to gain access to whatever information or service is protected by these measures.

A common example of this is the sending of a one-time security code by text to a phone number associated with the account. Administrators (or, if it's a consumer product, the user) can decide with what frequency this second verification step has to be completed, whether it's for every day, every week, every month, each time a new device is used, or whichever parameters or combinations of parameters they wish.

Other examples include a number randomly generated by an external device, such as a key fob, a dedicated phone app that is used to confirm a genuine logon attempt, or a biometric scanner. The latter can be found in security systems such as Microsoft's Windows Hello, built into Windows 10, which offers a way to strengthen authentication through fingerprint and facial recognition.

None of these represents multi-factor authentication in its own right, however; they must be used in conjunction with each other and/or a password.

Why is multi-factor authentication important?

Passwords are the most common form of login authentication across the spectrum of technology. But they're also incredibly fallible.


One of the main failing points of passwords is that they rely on the individual remembering them, which leads to the use of weak passwords. If the password is memorable, it's often a "dictionary password" (a real word that could be found in the dictionary or a slight modification thereof, or perhaps a person's name), or it's something personal to the individual, such as their mother's maiden name or the town where they grew up.

If the person's account comes under attack from cyber criminals, both of these are easy to crack depending on the method being used. A targeted attack could use social media to find out details about the individual's personal life, while a phishing attack could try to lure them into handing over these details. Memorable passwords, meanwhile, can be cracked by special software within seconds. Indeed, even long and complex passwords can be cracked, meaning even best practice isn't enough any more.

This isn't to say that passwords are useless; they're still the best first line of security we have for most services. But multi-factor authentication means that even if a determined and skilled attacker is able to get past this initial stage of defence, they will be thwarted by the request for a second, separate form of identification.
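The two weak password types described above (dictionary words with slight modifications, and personal details) can be screened for when a password is set. This is an added example, not part of the original article; the wordlist, the substitution table and the function names are constructed for illustration.

```python
import re

# Constructed sample wordlist; a real deployment would load a large
# dictionary and a breached-password list instead.
SAMPLE_WORDLIST = {"password", "dragon", "sunshine", "football", "welcome"}

# Common character substitutions, undone before the dictionary lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

# Leading or trailing runs of anything that is not a letter.
AFFIXES = re.compile(r"^[\W\d_]+|[\W\d_]+$")


def variants(candidate: str) -> set:
    """Reduce a password to the base words a 'slight modification' hides.

    Two orders are tried: strip digit/symbol affixes then undo
    substitutions ("P@ssw0rd1!" -> "password"), and undo substitutions
    first then strip ("$unshine" -> "sunshine").
    """
    lowered = candidate.lower()
    return {
        AFFIXES.sub("", lowered).translate(LEET),
        AFFIXES.sub("", lowered.translate(LEET)),
    }


def screen_password(candidate, personal_details=(), wordlist=SAMPLE_WORDLIST):
    """Return the reasons to reject a password; an empty list means
    these checks found nothing, not that the password is strong."""
    reasons = []
    forms = variants(candidate)
    if forms & set(wordlist):
        reasons.append("dictionary word or slight modification")
    for detail in personal_details:
        token = detail.lower()
        # Very short details would match by accident, so skip them.
        if len(token) >= 3 and any(token in form for form in forms):
            reasons.append("contains personal detail")
            break
    return reasons
```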

Rolling out multi-factor authentication

As with any new technical initiative, rolling out multi-factor authentication is both easy and hard.

From an administrative point of view, it will often be a case of simply adjusting security settings of any given software, app or service to require all users to set up multi-factor authentication.


From a practical standpoint, however, there will certainly be resistance from at least some staff and maybe even most. While there's no way to avoid this completely, we're sorry to say, it can be reduced and mitigated.


First, ensure that you have the rest of the board supporting you. Nothing will cause any initiative to fall through quicker than if you don't have the support of the highest levels of management.

Next, ensure that you have communicated what's happening to other divisional and team managers and why it's important. If possible, get them to participate in a pilot program so that they can see how it will work in practice. This will help increase buy-in at this level and also mean you can avoid tickets being raised for simple questions thanks to peer support.

Make the IT team available at the point of implementation to help guide the process and troubleshoot. Nothing will aggravate people more when they're already facing a technical difficulty than feeling they've been left high-and-dry by the people who are supposed to help them.

Finally, make it simple. If your company issues smartphones to employees, then pushing out an authenticator app to all devices may be quite simple to achieve, although there will be some additional training involved. On the other hand, if you operate on a partial or complete BYOD (Bring Your Own Device) basis, then it's almost certainly easier to have all users associate their mobile number with their account and use text message-based authentication. Simplicity such as this means less support and maintenance for the IT team and a much lower level of learning and adaptation for users.

Ultimately, there's no 100% foolproof way to protect data, but multi-factor authentication bolsters defences significantly for relatively little effort or investment. And, with careful implementation, it can be relatively pain-free too.

Find out how HP business devices can protect your workers with multi-factor authentication.
