Multi-factor Authentication for a Layered IT Defense

Clients come to us with a myriad of challenges. But one that seems to be on the mind of every IT department and C-suite executive is finding an effective password security solution that will protect their network and make their lives easier.

Last time we checked in, we discussed one solution to protect passwords for the majority of organizations that still use a traditional single-factor authentication system (i.e., user ID/password) – password managers. However, as we have noted previously, a critical component of a comprehensive IT security strategy is multi-factor authentication (MFA).

What is MFA?

MFA is a security system that requires users to present two or more authentication “factors”: knowledge (something you know, like a password or PIN); possession (something you have, like a card or USB); and inherence (something you are, such as a fingerprint scan).

By using multiple security “factors,” MFA creates a layered defense structure, thus making it more difficult for an unauthorized user to access a target (such as your organization’s data or network).

Examples of today’s common MFA scenarios include:

  • Swiping a card and then entering a PIN
  • Logging into a website using a password and then entering an additional code sent to the requester’s phone or email
  • Swiping a card, scanning a fingerprint, and then answering a security question
  • Attaching a USB hardware token that generates a one-time passcode to a desktop and then using that code to log into a VPN client

Why is it important?

One of the biggest problems with the traditional “single-factor” security system is the need to maintain a password database. Attackers are gaining more and more tools to attack personal and enterprise password systems. As hackers get smarter and better equipped, the risk of breaches increases, and with recent phishing and spear-phishing attacks making headlines, we are advising more and more clients to implement MFA to both streamline and strengthen their security processes.

Implementing MFA across every user and IT resource (including cloud and on-premises apps, VPN, servers, etc.) blocks cyber-attacks at multiple points in the attack chain and protects against compromised credentials. It is, in our humble opinion, one of the best ways to proactively prevent unauthorized users from accessing your organization’s data.

But perhaps the biggest benefit of MFA is that it will allow your organization to use advanced security options like single sign-on, which is easier for your employees/end-users and harder for attackers to hack. With single sign-on, the user performs an initial multi-factor authentication process, but once that is complete, s/he can access her/his applications and data without having to enter a password or credential each time. Thus, a little bit of time up front every day allows users to avoid entering passwords multiple times each day.

While there are many benefits to using MFA, not every MFA software solution is created equal – it is important that you consider cost, integration with your existing IT ecosystem, and the required commitment to maintenance after rollout. We therefore recommend you consult with an MSP or IT provider today to make sure you ask the right questions and identify the solution that is right for your organization. If done right, we’re sure you won’t regret it!