What is MFA and why do you need it?
Originally published in the Honolulu Star-Advertiser, January 26, 2021
As everyone knows, we in IT love our acronyms. One of the latest that’s been thrown around is MFA, which stands for Multi-Factor Authentication. In our cloud-based world, MFA goes a long way towards improving security. But what is all the fuss about?
The concept behind MFA is quite simple. It is basically a secondary check upon login to websites or software applications. The first factor is a password. The second factor can be a multitude of options but usually is mobile phone based. In current practice, these two factors are the only ones used. In fact, MFA is sometimes referred to as 2FA. However, some logins require more than two factors, such as a specialized USB stick, or even biometric data such as fingerprints or iris recognition.
MFA has been around for decades now, but has really only become practicable with the advent of the smartphone. Back in the day, MFA required the user to carry around another device, such as a USB stick, which added cost and inconvenience. But nowadays, anyone who’s going to log in anywhere carries a smartphone.
So how does it work? As many have already experienced, when logging in to a website, the user is told to check their phone for a one-time code. Enter the code and voila! you’re logged in.
Simple, right? But there are a few things that need to be in place for this all to work. First, when setting up your account, you have to enter your mobile phone number. If it’s a website or application specific to your organization, you have to make sure your employer has the correct number. While many are loath to give up the digits, there’s just no way around this. Anecdotally, to date, we have not heard of any abuses of this information.
Make sure, if given the choice, you opt to use MFA. While this is changing, there are still some websites that support, but don’t require, MFA. If it’s a website specific to your organization, check with your IT department.
All mobile devices sold within the last five years, if not more, have the capability to be locked with a passcode, facial recognition, or fingerprint. Make sure to turn this on, not just for MFA but for security in general.
If supported, use an authentication app instead of SMS text. Examples of third-party authenticator apps include Authy as well as authenticators from Google and Microsoft. Some password managers such as LastPass offer the service as well.
An authentication app provides secure, encrypted communication of the one-time code. SMS is not encrypted, which has led some to criticize its use as a secondary authentication factor. The fact of the matter, however, is that secondary authentication via SMS is still substantially more secure than no secondary authentication at all.
Email is also an option for secondary authentication. But as far as security goes, email authentication trails SMS considerably.
While MFA might seem like a pain, it is a necessity in today’s world. The security it provides more than offsets the extra steps required.