Why do I keep hearing about multi-factor authentication?

Have you noticed that the minimum requirements for a new password are getting more and more complex these days? Even on simple websites like your local florist or your online neighborhood watch group, security is getting tighter and tighter from the very beginning of setting up an account. That’s because businesses of all sizes are waking up to the fact that usernames and passwords are the most common way that thieves and attackers gain access. This is why you’re suddenly asked for a string of characters that includes a myriad of different types, and why the minimum character length is getting longer and longer. The problem now is that we all have so many complex passwords, it’s impossible to keep them straight. Or worse, we get a lazy and use the same password over and over to simplify things, which can make hacking many accounts at once a breeze. This is where multifactor authentication saves the day while adding another layer of protection that’s hard to fake.

So what is MFA, 2FA, two step verification, and all the other acronyms that I’m seeing?

They are actually different names for the same thing. Multi-factor authentication (MFA) is also called two-factor authentication (2FA) and two-step verification. But their definitions are the same: it’s the second step (or factor) that’s needed to verify who you say you are. Your password is the first step, but let’s pretend you’re a hacker trying to access bank records. It’s easy enough to run a simple computer program that can generate hundreds of attempts per second, but if the system requires a separate verification after the correct password is submitted, your stopped in your tracks.

How would multi-factor authentication work for me? How would I use it?

Typically, the second factor is on a different locked device, like your phone. Which incidentally is exactly why your phone should always be set to auto-lock. If your phone is locked and only you know the passcode or have the fingerprint or face it recognizes, then there’s little chance a passer by can access your accounts and be able to verify it on your phone. As soon as you log into any website that MFA is set up on, your phone will pop up a prompt asking you to either allow or deny the access. Then you simply unlock your phone and tap a button to move ahead.

Microsoft has an easy to consume, short two-minute video on MFA and what it’s like to interact with it.

But isn’t this just adding more work to an already annoying log in process?

The answer is yes and no just like you can see a glass half empty or half full. Yes, it’s adding another step, but the benefits and protection you receive are financially free since MFA is available to anyone with a mobile device (GuidingTech.com has a list of the top five iPhone and Android MFA apps). And since data theft is rising, having another layer of protection is just good business sense. The price you pay is to occasionally have to unlock your phone and tap a button. And if you use it in conjunction with a password management tool like IT Glue or LastPass, then you have heightened security and you don’t have to scan your memory for complicated passwords.

The short of it is that as technology advances, so do threats and the protective measures that guard against them. Multi-factor authentication is not going away, and it is currently the most effective way to ensure your systems and users remain safe. Most IT leaders agree that MFA will soon be adopted as a requirement for most websites that deal in eCommerce and data warehousing, so you may have to interact it with it sooner than later. Setting it up for yourself can help you get a head start and keep things organized, so check out the apps available on your phone or contact us to see how we can get your organization set up with the best processes available.