When you sign in to an online account, you’re asked to prove your identity (a process we call authentication in the cyber world). Usually, you’ll do so via a username and password. The trouble is, it’s not a very safe way to do it. Usernames can be guessed and many of us use the same, simple passwords for everything.
So it’s been clear for some time we need something better. Enter Multi-factor authentication (MFA). But what is it? And why should you use it?
What is multi-factor authentication?
MFA is an authentication method that requires you to provide two or more verification methods to sign into an application. Instead of just asking for your username and password, MFA adds some extras, like a randomly generated pin code sent by SMS, a thumbprint, or a piece of memorable information known only to the user.
You’ve probably already experienced this if you used online or signed into a Google account recently. In fact, it’s well on the way to being commonplace for most applications.
The idea behind MFA is very simple. The more locks you have on the door, the harder it is for an intruder to break in. Think of it as adding a cyber deadbolt, a door chain lock, and maybe some cameras for good measure to keep the bad guys out.
Why does your business need it?
Again, the why is delightfully simple. Using MFA can dramatically reduce the chances of a successful cyberattack on your business.
Passwords and user credentials are important, but they’re vulnerable to brute-force attacks and can be stolen by hackers. In contrast, an MFA method like a thumbprint or one-time PIN is very difficult for even the most dedicated cybercriminal to crack.
On top of the obvious security benefits, you’ll also need some form of MFA to complete Cyber Essentials certification. Under the new requirements, MFA should always be used for accounts that connect to cloud services.
What types of multi-factor authentication are there?
Broadly speaking, there are three neat categories of MFA:
- Information you know, such as a password, security question, or PIN
- Objects you possess, such as a smartphone – this is where one-time PINs come in
- Things you are, think biometrics like thumbprints or voice recognition
2FA or MFA?
At this point, you could be forgiven for wondering whether using MFA is overkill. After all, you probably already use two-factor authentication (2FA) for things like your business banking or office suite (Microsoft 365 or Google Workspace). Do you need the extra authentication factors?
Remember the old maxim, beloved by school teachers and parents, ‘it’s better to be safe than sorry’? Well, it really does apply when it comes to cybersecurity. 2FA is hard for cybercriminals to crack and it’s far safer than using just a password. However, it’s a no-brainer to make the risk even smaller by adding extra layers of authentication. The harder it is for cybercriminals to breach your business, the less likely they are to succeed.
Protecting your business on a budget is tricky. Calling in the experts or investing in the latest tools is expensive. So what can you do? CyberSmart Active Protect secures your business around the clock with no need for costly consultants, tools or an in-house team. Try it today.