Multi factor authentication made simple
You have all heard it before:
- Use strong passwords
- Don’t reuse the same password for different services
Reality is people are people – and they don’t listen.
Every week we deal with clients who had a staff member share a password between their business accounts and a third party website online. The website gets hacked/broken into, password stolen and then used to break into all of the staff member’s accounts, including their business email, VPN etc.
All the policies and procedures in the world won’t stop this story repeating over and over again. The correct way to deal with this is multi factor authentication (MFA).
The basics of MFA include require at least two different piece of information for a successful login:
- A password (something that the user knows)
- A code (something that the user does _not_ know)
By requiring both items, the danger of a user sharing their password is vastly reduced as the password itself doesn’t provide access..
Legacy MFA systems relied on keychain tokens, however today there are many alternative options. An extremely common solution that many of our clients’ use is based around smart phones.
It looks like this in practice:
Bob wants to log in remotely from outside the office:
- Bob opens his remote connection as normal
- Bob enters his username and password as normal
- Bob’s smartphone beeps and his MFA app asks him to confirm that it is in fact Bob trying to log in.
- Bob taps “confirm” on his phone
- System logs in as normal
The extra step adds less than 5 seconds to the login process, but makes it virtually impossible that someone that has stolen Bob’s password can connect to business systems and steal data.
The app is controlled by the business despite it being on Bob’s personal smart phone, allowing them to revoke access if required. And to protect Bob the app is not able to access or control any part of Bob’s phone.
The same system can of course be used with physical tokens or other methods if a phone is not available/appropriate.
In today’s business world the cost is an important factor, however a modern MFA solution can be had for less than $5 a month which makes it one of the most cost effective security controls available today.
Get in touch with us if you would like a demo of the system.