Sunday, March 29, 2020

Implement Multi-Factor Authentication

When an account is protected by a single password, the compromise of that password means the compromise of that account. Depending on the role a person plays in a company, the compromise of that account could lead to substantial losses. Multi-factor authentication makes it radically harder for the bad guys to compromise accounts, which in turn makes it harder for them to steal your data, money, etc. Multi-factor authentication adds another step to accessing accounts and services, but those extra seconds—literally seconds—are a small price to pay for one of the most cost-effective and powerful defenses you can put in place. 


For about as long as we’ve had computers, accessing them has been, and continues to be, dependent upon two pieces of information: who you are, and what you know. “Who you are” is generally manifested in your login ID: Jane.Smith or JSmith or JaneS@gmail.com. “What you know” is your password (such as, rolltide123). 

A second security factor adds the concept of “what you have” to the mix. If you’ve ever logged into your bank’s website when you were away from home, you may have been presented with a message that said they didn’t recognize where you were logging in from, and asked you to enter a numeric code that was sent via text to your mobile phone. That numeric code is the second factor, the “what you have,” which in this case is your cell phone, in addition to what you know (your password). The use of a second factor reduces the risk that an unauthorized person is accessing your account. The odds of someone having your login credentials AND your mobile phone, for example, are pretty low.

The whole point of MFA is to make it harder to exploit stolen credentials. If someone has your ID and password, those alone are effectively useless against a system with MFA implemented. Trying to circumvent or undercut the multi-factor mechanism is not time- or cost-effective for bad guys to try, and since cybercrime is an (illicit) business, time equals money that they don’t want to spend.

Resources

Native Capabilities

Check to see if any of the applications or web-based services you’re using offer MFA. An increasing number of them do. If they do, make sure all employees with accounts on that service implement it immediately.

Google Authenticator

Google apps and services benefit from their own MFA capability, which you install on your mobile phone. Google has also made the capability available to other web-based services. If it is compatible with the apps or services you use, implement it as soon as possible.

https://www.google.com/landing/2step/

Duo Security

A commercial product that is well done, highly regarded, and not terribly expensive (free up to 10 users). 

https://duo.com/

Yubikey

If you’re really taking this 2FA thing seriously, and don’t want to use personal cell phones for receiving factors, Yubikey is a very small and easy to use hardware-based solution. It is more expensive than Duo and requires a little more management on the part of your IT people. 

https://www.yubico.com/
