Multi-Factor Authentication – Why It is Important
Multi-Factor Authentication (MFA) is important because it improves upon the standard login procedure everyone is familiar with: entering your username and password. Unfortunately, because bad actors take advantage of the fact that people tend to use easy-to-remember passwords across multiple online accounts, this layer of protection is no longer viable.
For years this was an acceptable layer of security, but today, it is not enough. Accounts with simple passwords can easily be breached by using a variety of hacking tools. Worse yet, a re-used password, even a long and complex one, may not be secure if it has been revealed in a data breach.
If you have been notified by one of your service providers (bank, ISP, utilities, social media app, work) that there was a breach, your password is no longer secure. Databases of breached account information that reveal Personally Identifiable Information (PII) and the actual passwords associated with the accounts are widely sold and distributed over the “Dark Web”. Re-use of a password on an account that you know was previously breached…well, let’s just say that is a hacker’s dream.
According to the National Institute of Standards and Technology (NIST), a study revealed that “123456”, “qwerty” (six consecutive keys on a keyboard) and “password” are among the top 5 most commonly used authentication passwords globally.
What is MFA
If you don’t understand Multi-Factor Authentication (MFA), let me try to help you better understand this simple yet effective security measure to increase your organization’s and your personal security posture. MFA is a layered approach to securing data and applications; it requires the user to present a combination of two or more credentials for verification to log in. This simple, and annoying, step increases your security because even if one of your credentials has been compromised, an unauthorized user is less likely to meet the second authentication requirement, denying them access to the targeted physical space, computer, network, or database.
Let’s be honest, Multi-Factor Authentication can be frustrating, especially when you are in a hurry or left your phone (with or without an authenticator app) in the other room. But do you know what’s worse?
A breach of your organization and your ePHI or PII.
The implications of a security breach are far-reaching and difficult to quantify on a global scale. Regardless of what type of business you are – covered entity, business associate, or 3rd party vendor – a breach of your organization’s data can lead to a significant loss of revenue through a stop in production, fines, and loss of reputation.
Avoid MFA Fatigue
Haven’t heard this term before? That’s OK; a lot of people hadn’t heard of it until it was revealed that MFA Fatigue was at the heart of the recent Uber Breach.
What is MFA Fatigue? It occurs after a bad actor has obtained a user’s credentials and begins to spam the user with MFA authorization requests, tricking the user into approving the request. You might ask how, but that answer is simple – the user eventually becomes so worn down or “fatigued” by the barrage of requests that they negligently grant the bad actor access to their account. The best way to protect against this type of attack is through user education.
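The pattern described above is also visible in authentication logs. As an added example (not part of the original post), the Python below flags a burst of denied or timed-out MFA push prompts for one user, and separately flags an approval that ends such a burst. The log format, the 10-minute window and the threshold of 3 are assumptions, and the sample log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (hypothetical format: ISO timestamp, user, result).
SAMPLE_LOG = """\
2024-05-01T02:10:00 alice push_denied
2024-05-01T02:10:40 alice push_denied
2024-05-01T02:11:15 alice push_timeout
2024-05-01T02:12:05 alice push_denied
2024-05-01T02:12:50 alice push_approved
2024-05-01T09:00:00 bob push_approved
2024-05-01T13:30:00 bob push_timeout
2024-05-01T13:30:30 bob push_approved
"""

WINDOW = timedelta(minutes=10)   # assumed look-back window
THRESHOLD = 3                    # assumed: rejected prompts that count as a burst


def parse(log_text):
    """Yield (timestamp, user, result) tuples from the constructed log format."""
    for line in filter(str.strip, log_text.splitlines()):
        ts, user, result = line.split()
        yield datetime.fromisoformat(ts), user, result


def detect_mfa_fatigue(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return alerts for bursts of rejected prompts and approvals that end one."""
    recent = defaultdict(deque)   # user -> timestamps of recent denied/timed-out prompts
    alerts = []
    for ts, user, result in sorted(parse(log_text)):
        failures = recent[user]
        while failures and ts - failures[0] > window:
            failures.popleft()    # drop prompts that fell out of the window
        if result in ("push_denied", "push_timeout"):
            failures.append(ts)
            if len(failures) == threshold:
                alerts.append((user, ts, "burst"))
        elif result == "push_approved":
            if len(failures) >= threshold:
                alerts.append((user, ts, "approved_after_burst"))
            failures.clear()      # an approval ends the current burst
    return alerts


if __name__ == "__main__":
    for user, ts, kind in detect_mfa_fatigue(SAMPLE_LOG):
        print(f"{ts.isoformat()} {user}: {kind}")
```

An "approved_after_burst" alert is the case to act on first, since it means a prompt was accepted right after a run of rejected ones.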
Closing
Simply put, Multi-Factor Authentication is one of the simplest steps any organization can take to lower the risk of unauthorized access to user accounts and increase your organization’s security posture. Though it is time-consuming and frustrating, the best way to approach implementation of MFA is through the education of your organization’s workforce. Help them understand its importance, MFA Fatigue, and how this annoying procedure lowers the risk of a breach.
2 Responses
This is a great post. Thank you for the information.
MFA can indeed be frustrating but thank you for enlightening me.