Multi Factor Authentication (MFA) also known as Two factor Authentication (2FA) is one of the key measures to protecting home or remote workers from cyber attack. Many businesses were ill prepared for the sudden move of significant portions of their staff to a remote working environment. Their infrastructure was not designed to support remote staff. In the rush to move people to home working cybersecurity tended to get overlooked.
What is MFA?
Multi factor Authentication is a security system that requires a user to identify their identity using multiple credentials. It requires a user to provide 2 or more verification factors to gain access to a resource like an application, VPN or an online account. Rather than just providing a username and password MFA requires the input of one or several additional pieces of information – often a numeric code sent by SMS or/and a fingerprint scan – to enable access.
Why is MFA Advisable?
Passwords can be fraudulently attained, MFA increases security in the event that a hacker gets hold of a username and password rendering their attempts ineffective. This significantly reduces the likelihood of a cyber criminal gaining access.
How Does MFA Work?
With MFA a user is required to enter additional information to confirm their identity. This additional piece of information (factor) is unique to them and known only by them. If a criminal attempts to gain access to an account using a stolen username and password they will be denied entry without this additional piece of information.
Types of Authentication
The most common MFA factor used is a One Time Password (OTP) which is a 4 to 8 digit code usually received by SMS or email or generated by a smartphone app. A new code is generated periodically or each time a request for authentication is submitted. Other factors include biometrics like fingerprint or voice recognition or something you possess like an access badge or fob or a piece of information such as an answer to previously submitted security questions.
MFA during COVID 19
With the increase in use of cloud technology and workers accessing accounts remotely MFA is more important now than ever. Additional security is needed to ensure that hackers are not able to access systems. MFA can help prevent bad actors gaining access by prompting for additional authentication factors that are difficult for imitators to produce. This in turn significantly reduces the frequency of unlawful access.
MFA for Microsoft 365
Many cloud operating systems such as AWS and M365 have their own MFA offerings. However it is critical that MFA is deployed correctly and this requires expertise. If your business for example has more granular sign-in security needs, conditional access policies give more control. Risk base conditional access can also be configured. To be sure that MFA works as best it can for your business it is best to consult with an IT Services company. Their experts will ensure that all the features available to you are utilised and mapped to your business’s operational needs. They will also advise if additional measures should be taken.
