We all know the story of the three little pigs, right? You know the one where three pigs each build a house made of straw, sticks, and bricks, and the big, bad wolf comes and blows all of the houses in except for the brick house? This story is a perfect example of how important multi-factor authentication (MFA) truly is to our businesses and personal lives.
How is that so, you ask? To explain further, let’s first identify what MFA really is. This is the process by which websites and applications validate a user and grant access into protected areas by using two or more pieces of evidence, or factors, of identity. Do you use websites that won’t log you in until sending you a text message or applications where you have a physical VPN token with a unique code to enter? Those are both examples of multi-factor authentication. While these methods may slow your productivity down by 30 seconds or so and you may feel like they are a nuisance, they are absolutely critical to protecting your business.
For example, in our three little pigs story, the pig who chose to build his house of straw believed his house would protect him from the big bad wolf. And while the straw house did protect against some wind, once the big, bad wolf arrived he blew the house over with ease. This is how using a password only works on applications you use. By using only a password and sometimes a password that is too simple or overused across applications, hackers are able to infiltrate your applications in a much easier fashion. Often individuals also only have 2 – 3 passwords that are set up for all of their applications so without MFA, if a hacker discovers one of these passwords, they are able to access many systems. Without the additional factors enabled as deeper validation of your identity, you are a sitting target for hackers to enter your systems and wreak havoc on your business.
Contrarily, the brick house was built to withstand most weather and the big, bad wolf. With the reinforced house, the wolf will have a much more difficult time entering the house and quite possibly won’t be able to blow it over at all. This is similar to hackers who aren’t able to find your password AND have access to your additional evidence. Without both, they won’t be able to access your applications.
MFA in reality can be executed in a number of different ways as offered by the service provider but always involves more than one method to ensure reinforced protection. This is not an exhaustive list but gives an idea of the methods being used to layer protection against entry into your accounts.
- Knowledge that only the user knows.
- Security questions such as your mother’s maiden name (or something more complex)
- Possession of equipment only the user has.
- Texting your phone a code that you then enter into the application
- Having a debit card for ATM withdrawal
- VPN token keychain
- Inherence or a biometric attribute of the user.
- Eye retinas
- Voice recognition
- Geography of where the user is located when trying to enter
The good news is that implementing MFA to protect your accounts is relatively straightforward. Here are some tips surrounding enabling MFA:
- For any application that offers MFA (and it’s growing all of the time), be sure to enable this feature.
- Be proactive about searching this feature out with your application providers, especially when negotiating new agreements.
- As with all security-related considerations, provide passwords that are unique and difficult to guess.
- If an application offers this for an upgraded price, consider asking if they are willing to include it at the standard rate to keep the account secure for their benefit and yours.
- If you encounter an application that doesn’t offer it, consider requesting it so that they know it is important to their users. When possible, consider looking at alternative solutions with a greater emphasis on security.
- While we’re focused on helping businesses with their cybersecurity, encourage employees to utilize MFA for their personal accounts including banking, social media, and email.
All accounts should have this enabled but this is especially important for any application that contains financial information, customer data, or health records.
While the extra step of ensuring your identity is validated can be slightly annoying at the moment, the benefits to this brief delay are countless and the risk of being hacked is far greater than the brief delay. So, don’t take half-measures by only utilizing a password. Build your brick house and protect your assets, your bank accounts, your customers, and your employees by enabling multi-factor authentication. Just like the third pig, you’ll be happy you did.