Passwords need help. Initially, it was thought that a long password was the key. Then, it was a forced march to change your password every 30- to 90-days. Then, it was a very complex, long passwords that changed periodically. And now, according to the National Institute of Standards and Technology (NIST), you should loop back to the beginning; long passwords that are obscure to the hacker, but memorable to you.
However, even with all these changes, passwords are still extremely vulnerable to hacking. Believe it or not, adding one more layer, two-factor authentication (2FA), has not helped. For a variety of reasons that will be explained here, multi-factor authentication is the best cybersecurity solution.
1. They do not provide a strong enough identity check.
There is no check and balance to see if the person who signed in is the individual who owns the account.
2. The security of your company’s sensitive data is solely reliant on the strength of a user’s password. According to Keeper, of the 10 million passwords that were stolen in 2016, a full 17% of them were “123456”. Even more concerning, there are still people that use “password” as their password! Because individuals make their password easy to remember, they can also be easy to crack.
3. There are many ways for bad actors to backend into the company network, including spear phishing.
This security method requires the password method listed above coupled with a unique code sent to the user’s device.
According to updated guidelines by the NIST, sending a SMS message, voice call or email, is better than standalone passwords but not the solution they hoped it would achieve in protecting an organization’s data.
In a recent survey conducted by Duo Security, 90% of respondents stated they use SMS, which is considered the weakest 2FA because it’s impossible to verify and easy to intercept by hackers.
Multi-Factor Authentication (MFA) refers to the simultaneous use of three or more verification mechanisms. Access is granted only if the person who seeks access can successfully complete all requirements.
It is recommended to have:
1. Something the user knows, such as a password, PIN or employee number
2. Something the user owns, such as a smartphone or computer
3. Something the user is, such as fingerprint, optics scan, voice or facial recognition,
The idea is one of these factors will triple confirm that the user is who they say they are and should have access to the data. Obviously, the third item cannot be recreated or recredentialed.
MFA is expected be a $12.5 billion market in four years, with a year-to-year growth rate of over fifteen percent.
1. Because it’s a more complex process, it’s virtually impossible for a hacker to get into the system, unless they have access to all three authentication methods.
2. A single login process is available. Assuming your company accesses multiple applications that are password or 2FA bound, you can now bundle all apps under one MFA sign-in procedure. The system tracks who is accessing what applications during which period.
Because the MFA process will most likely be stored in the company cloud, strong database security, a high level of encryption and cybersecurity provisions need to be a priority.
ProActive Technology Group Can Provide the MFA Protection You Need
We have the most up-to-date firewall, anti-virus, internet, web filtering and secured access control solutions. We keep your users and data secure. Give us a call at 516.876.8200 or drop us an email at firstname.lastname@example.org to learn more!
The ProActive Technology Group
14 Plaza Rd
Greenvale, NY 11548