Nearly every online account you make has the option to turn on multi-factor authentication (MFA). In fact, for many websites MFA isn’t just an option, it’s a requirement. With all the different acronyms that are thrown around, it can be difficult to keep track of what’s what. In this article we’ll go through what MFA is, how it works, and why it’s important in 2024.
What Is Multi-Factor Authentication?
Multi-Factor Authentication (MFA) is an additional security measure to protect user accounts and ensure the person logging in is who they say they are. It requires the user to provide an additional piece of information beyond just their standard login credentials in order to gain access to the account.
How Does Multi-Factor Authentication Work?
As the name suggests, MFA involves multiple forms of verification. The first of these is usually just the user's username and password. A common second authentication method is a verification code linked to the user's other accounts or devices. These verification codes can come through avenues such as email or SMS, but another common way to get them is an authentication app.
When the user opts to use email/SMS to receive a verification code, the code is sent to the email address or phone number that belongs to the user. Theoretically only that user should have access to that email account or mobile phone, so it adds an additional layer of protection. While this is a great added layer of security, it is still technically vulnerable if a cybercriminal were to intercept the message containing the verification code.
This is where authenticator apps come in. Here are some popular examples of these authenticator apps:
- Google Authenticator
- Microsoft Authenticator
- Duo
- Many others
Unlike email/SMS, these apps generate codes locally on a device owned by the user, rather than sending them in an unencrypted form. This means whoever is logging in needs to have the user's registered physical device (ideally protected by its own security), so the code can't be intercepted from afar.
With MFA there are also additional verification methods, such as biometric verification (fingerprints, facial recognition) and hardware tokens (YubiKey), that can allow for heightened security.
Why Is Multi-Factor Authentication Crucial in 2024?
Passwords are great but they’re not enough!
Having MFA doesn't mean you should relax your passwords, but the truth is that the password isn’t enough. Through various data breaches and hacks, billions of passwords and login credentials have been leaked online. With password protection alone, user accounts are vulnerable the moment the passwords are leaked. Fortunately, with MFA, an unwanted party attempting to log in will still need to complete additional verification to access the account.
If you’d like to check whether your credentials have been leaked online, you can use resources such as Have I Been Pwned.
Avoid the data breach altogether.
Not only does MFA protect users who have been victims of a data breach, it can also help prevent the data breach from happening in the first place. According to a Microsoft report, using a second factor for authentication can block as much as 99.9% of attacks. Needless to say, stopping a data breach is a significant win in developing trust between a brand and its customers over the long term.
Secure cloud and enterprise infrastructure.
It’s not just the data you need to protect. Many businesses also rely on their technical infrastructure to maintain day-to-day operations. With the developments in AI and other technical spaces, this is only likely to increase. Keeping good security hygiene ensures the only people accessing your systems are those who are meant to.
The most common threat for both users and companies is social engineering, such as phishing attacks. Phishing attacks attempt to fool users into giving up information to people who shouldn’t have it. However, with MFA, these types of attacks are rendered useless because the MFA code that’s generated each time will be different.
Is MFA enough?
Multi-Factor Authentication is great, but no security protocol is infallible. On its own, MFA won’t be enough to protect your organisation; it should be used as part of a broader security strategy. Combining MFA with other security measures such as encryption, intrusion detection systems, and regular security audits will provide a more robust defence against cyber threats. To learn more about what you need for an effective security strategy, you’re welcome to book a consultation with one of our in-house security experts.