Multi Factor Authentication Made Simple

You have all heard it before:

  1. Use strong passwords
  2. Don’t reuse the same password for different services

The reality is that people are people – and they don’t listen.

Every week we deal with clients who had a staff member share a password between their business accounts and a third party website online. The website gets hacked/broken into, and the password is stolen and then used to break into all of the staff member’s accounts, including their business email, VPN etc.

All the policies and procedures in the world won’t stop this story repeating over and over again. The correct way to deal with this is multi factor authentication (MFA). At its most basic, MFA requires at least two different pieces of information for a successful login:

  1. A password (something that the user knows)
  2. A code (something that the user does _not_ know)

By requiring both items, the danger of a user sharing their password is vastly reduced, as the password itself doesn’t provide access.

Legacy MFA systems relied on keychain tokens; however, today there are many alternative options. An extremely common solution that many of our clients use is based around smartphones.

It looks like this in practice:

Bob wants to log in remotely from outside the office:

  • Bob opens his remote connection as normal
  • Bob enters his username and password as normal
  • Bob’s smartphone beeps and his MFA app asks him to confirm that it is in fact Bob trying to log in.
  • Bob taps “confirm” on his phone
  • System logs in as normal

The extra step adds less than 5 seconds to the login process, but makes it virtually impossible for someone who has stolen Bob’s password to connect to business systems and steal data.

The app is controlled by the business despite being on Bob’s personal smartphone, allowing the business to revoke access if required. And to protect Bob, the app is not able to access or control any part of Bob’s phone.
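The login flow above, as an added sketch of the server-side check (not code from this post or from any MFA product): the password only opens a short-lived challenge, and access needs a fresh approval from the enrolled phone. The names `MfaLogin`, `app_confirm` and `CHALLENGE_TTL`, and the HMAC-signed approval, are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

CHALLENGE_TTL = 60  # seconds a push request stays valid (assumed value)

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class MfaLogin:
    """Server side of a push-confirm login: password first, then device approval."""

    def __init__(self):
        self.users = {}    # username -> (salt, password hash)
        self.devices = {}  # username -> device key enrolled by the business
        self.pending = {}  # challenge id -> (username, expiry time)

    def enroll(self, user, password):
        salt = secrets.token_bytes(16)
        self.users[user] = (salt, _hash(password, salt))
        self.devices[user] = secrets.token_bytes(32)
        return self.devices[user]  # provisioned into the user's MFA app

    def revoke_device(self, user):
        self.devices.pop(user, None)  # the business withdraws the app's access

    def start_login(self, user, password, now=None):
        """Step 1: check the password; on success open a push challenge."""
        now = time.time() if now is None else now
        salt, stored = self.users.get(user, (b"\0" * 16, b""))
        if not hmac.compare_digest(_hash(password, salt), stored):
            return None
        if user not in self.devices:
            return None  # no enrolled device means no second factor, so no login
        cid = secrets.token_hex(16)
        self.pending[cid] = (user, now + CHALLENGE_TTL)
        return cid  # a correct password alone grants nothing yet

    def finish_login(self, cid, approval, now=None):
        """Step 2: accept only a fresh, single-use approval from the enrolled device."""
        now = time.time() if now is None else now
        user, expiry = self.pending.pop(cid, (None, 0))  # pop makes it single-use
        key = self.devices.get(user)
        if key is None or now > expiry:
            return False
        expected = hmac.new(key, cid.encode(), hashlib.sha256).digest()
        return hmac.compare_digest(expected, approval)

def app_confirm(device_key, cid):
    """What the phone app sends back when the user taps "confirm"."""
    return hmac.new(device_key, cid.encode(), hashlib.sha256).digest()
```
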

The same system can of course be used with physical tokens or other methods if a phone is not available/appropriate.

In today’s business world cost is an important factor; however, a modern MFA solution can be had for less than $5 a month, which makes it one of the most cost effective security controls available today.

Get in touch with us if you would like a demo of the system.
