Dale Schembri

Apr 11, 2019

Is your data safe enough?

In Verizon’s 2018 breach investigation report, over 65% of network intrusions were a result of hacking or social engineering attacks. So what can businesses do to protect against hackers’ attempts at accessing their data?

When it comes to best practices for online security, two-factor authentication (2FA) and multi-factor authentication (MFA) always come up. As time goes by, online service providers are increasingly recognising the importance of ensuring a higher level of security for their online accounts. 2FA and MFA add further levels of user verification to the login process, making it much harder for a hacker to gain access.

With all this talk of 2FA and MFA, it’s crucial to understand the concept behind an authentication factor. By definition, an authentication factor is a category of methods used to verify a user’s identity and credentials when requesting system access. They’re there to make sure the user is who they say they are.

Since usernames and passwords fall under the same factor, they form single-factor authentication (SFA) when combined. In general, authentication factors are split into three categories: knowledge, possession and inherence. There are additional categories; however, most online accounts make use of these three:

  • A knowledge authentication factor includes information only a user should know (e.g. username, password)
  • A possession authentication factor includes credentials retrieved from something in a user’s physical possession, such as a hardware device (e.g. security token, mobile authenticator)
  • An inherence authentication factor includes a user’s identifiable biometric characteristic (e.g. fingerprint, voice, iris scan)

Based on the categories described, single-factor authentication requires credentials from only one category. Two-factor authentication involves two categories, for example a username and password plus a security token. Finally, multi-factor authentication requires credentials from at least two categories, meaning another authentication factor such as fingerprint recognition could be added on top of the 2FA.

For example, Microsoft’s Multi-Factor Authentication (MFA) requires the use of more than one verification method and adds a second layer of security to user sign-ins and identity transactions. With MFA in place, hackers do not have access to the second-factor device needed to log in. The end-user experience can be improved by not prompting for a second factor when users are on a trusted network or using a domain-joined PC.
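
The factor counting and trusted-context behaviour described above, as an added Python example that is not part of the original article or of any Microsoft product. The credential labels, the `SignIn` type, the function names and the 10.20.0.0/16 network are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Credential type -> factor category, following the article's three categories.
# The credential names are illustrative labels, not any product's identifiers.
FACTOR_OF = {
    "username": "knowledge", "password": "knowledge", "pin": "knowledge",
    "security_token": "possession", "mobile_authenticator": "possession",
    "fingerprint": "inherence", "voice": "inherence", "iris_scan": "inherence",
}

# Constructed example range (RFC 1918) standing in for an office network.
TRUSTED_NETWORKS = [ipaddress.ip_network("10.20.0.0/16")]


@dataclass
class SignIn:
    credentials: list            # credential types presented so far
    source_ip: str
    domain_joined: bool = False  # assumed to come from device management


def factors_presented(credentials):
    """Return the distinct factor categories; unclassified types are rejected."""
    unknown = [c for c in credentials if c not in FACTOR_OF]
    if unknown:
        raise ValueError(f"unclassified credential types: {unknown}")
    return {FACTOR_OF[c] for c in credentials}


def classify(credentials):
    """Label by distinct categories, not by how many credentials were typed.
    Two categories is labelled 2FA here; three is the article's MFA example."""
    n = len(factors_presented(credentials))
    return {0: "none", 1: "SFA", 2: "2FA"}.get(n, "MFA")


def is_trusted(signin):
    """Trusted context: a domain-joined PC or a source IP on a trusted network."""
    ip = ipaddress.ip_address(signin.source_ip)
    return signin.domain_joined or any(ip in net for net in TRUSTED_NETWORKS)


def needs_second_factor(signin):
    """Prompt unless two categories are already present or the context is trusted."""
    if len(factors_presented(signin.credentials)) >= 2:
        return False
    return not is_trusted(signin)
```

Adding a PIN to a username and password still classifies as SFA, because all three are knowledge factors.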

Just as user identity theft continually evolves through the latest types of attacks, MFA continuously improves user security and meets stronger security policies, which are required today. 

Two-factor authentication and multi-factor authentication definitely improve the level of security on all your online accounts. However, strong policies requiring complex passwords and changing them regularly should not be forgone when implementing 2FA or MFA.

At BMIT we can help in enabling multi-factor authentication, and a range of other security features, across your organisation. Talk to us.

