What’s the magical number of stolen credentials for a bad guy to choose from?
15. Billion.
That’s right, there are 15 billion compromised credentials floating around the internet just waiting to be used in order to have accounts accessed by bad guys.
And what happens if someone becomes the unlucky winner of the worst kind of lottery ticket and accounts are accessed without their consent: bank accounts, health care records, company secrets, and more could be held for ransom.
This is why it’s become important to have additional layers of security. A great example of this additional layer of security is called multi-factor authentication (MFA). The ironic side of this coin is that it takes a person to enter all the information for the multi-factor to be accepted.
Why is MFA Important?
MFA is a method of ensuring that a user is authentic and authorized to access a system or platform. MFA is used to enhance the security of an account by requiring additional forms of identification before logging in. This helps with brute force attacks and/or if the username or password was stolen by bad guys.
Fun Fact: The concept of multi-factor authentication predates the advent of online services. Barclay bank machines in north London were the first Automated Teller Machines to use similar technology as early as 1967.
Authentication: How We Know It’s You
We know that in order to access a system or application a user has to prove that they have an account and are authorized. That’s called authentication. The simplest way is by adding a password (that’s one factor of authentication).
An increasing concern today is the upkeep of protecting our personal data with so many bad guys out there. Some of the threats are ever-increasing such as passwords being stolen through phishing attacks, malware, or hackers sniffing Wi-Fi packets.
Most of these attacks can happen without the user even knowing it is.
Ok, Cool, But How Does MFA Work?
Many services are turning to other methods of authentication for an extra layer of protection — this is usually beyond just a traditional username and password, incorporating the user’s phone or security key.
Here’s a great example of how MFA works:
- Things you know (knowledge), such as a password or PIN
- Things you have (possession), such as a badge, smartphone, or smartwatch
- Things you are (inherence), such as a biometric like fingerprints or voice recognition
Another example is when a user is logging into a platform with the username and password, another prompt comes up asking if a code should be sent to the user’s phone number or email address on file.
After the code has been sent, enter into the form field, and presto, the user has access and all is well in the world.
No, It’s Not A Pain. Enable MFA Already.
61% of data breaches involve the use of unauthorized credentials. – 2021 Data Breach Investigations Report, Verizon
Here’s why MFA should be adopted: It enables stronger authentication and protects your data from being accessed by someone that shouldn’t have that access.
Even if a password has been compromised, if MFA has been enabled, a user still has protection by having to give the bad guy the code being sent to one of their additional accounts or devices.
MFA is one of those security additionals that offers an additional level of security without compromising a user’s experience.
At CyberMaxx, we’re not asking why organizations need to enable MFA, we ask why they haven’t already made the practice a requirement of all their users in order to protect the company’s networks and other devices.