
Multifactor Authentication: 2022 Is the Time to Use It

It’s a new year, which means your business is likely reevaluating its security tactics and beefing up where necessary. One area your company should focus on in 2022 is multifactor authentication, or MFA. Why is multifactor authentication so important?

Multifactor authentication includes additional security factors that make it even more difficult for data thieves, hackers, and other cybercriminals to break into sensitive, proprietary data. Activating MFA in your Microsoft Office 365 account is a good first step!

In today’s post, we’ll discuss multifactor authentication more, including what it means, and which factors are required. We’ll also compare it to two-factor authentication and provide more tips for instituting multifactor authentication within your company. 

What Is Meant by Multifactor Authentication?

More than likely, you’ve heard business colleagues and clients refer to multifactor authentication over the years, as the term has become a buzzword in the world of IT. 

More so now, multifactor authentication or MFA has become a concern of business owners as Microsoft updates their Office 365 systems to include MFA.

What exactly is multifactor authentication? MFA is a means of granting account access to an individual using evidence that only they could (or should) have. The pieces of evidence are also referred to as factors, hence the name multifactor authentication.

In using MFA, the goal is to preclude unauthenticated parties from gaining access to your accounts, both personal and work-related. Multifactor authentication is applicable in many areas, from your Netflix account to your financials.

The name multifactor authentication does not hint at a limited number of factors. As of this writing, a user is usually required to present between two and four factors as evidence. As the years go by, MFA could encompass more factors.

For now, let’s examine the current factors at play when logging into an account that requires multifactor authentication.

Location

Location-based authentication is the newest of the four factors used in MFA, but this means of authentication has been used elsewhere long before now. 

As the name implies, location-based authentication seeks to validate your login information based on where you are. 

For example, if you were on your work’s corporate network and hard-wired in, then your job might require you to type in a multi-digit PIN to be granted access to the network.

You won’t stay on the network forever though, especially if you’re working from home. You could still get into the network using location-based authentication, but it would usually require a soft token code to do so.

Wait, what is a token? Tokens are for off-network location-based authentication, such as when using your smartphone or browsing from a mobile device. Examples of token-based authentication include SMS verifications sent to your phone, time-based or event-based single-use password authentication, QR code authentication, and/or push-based authentication. 

Tokens can be physical, such as a key, a bank card, or a USB stick. For that reason, token-instituted location-based authentication has drawbacks. If you lose or forget the physical token, then your data could be at risk. 

Plus, changing systems or accounts means you’d require a new token. 

On top of that, some forms of token-based authentication are not as secure as others. SMS-based tokens are one such example. If you receive a text message to your phone with an authentication code, someone could see the text. They could then take your smartphone and get into it.  

Inherency 

The second factor in multifactor authentication is inherency. These factors are those that are unique to you. Take, for example, keystroke dynamics. 

With keystroke dynamics, science and technology make it possible to determine if you misspelled words and then corrected them (versus spelling them right initially), if you paused while typing for any reason, if you used caps lock versus shifting to capitalize letters, and how quickly you typed.

Inherency factors in MFA encompass facial recognition down to the irises in your eyes. Your voice and fingerprints are other forms of inherency multifactor authentication. Biometrics like these are almost impossible to copy. 

Possession

Possession is a major factor in MFA and indicates that you have something. That something is supposed to be unique to you, sort of like a token in location-based authentication. Unsurprisingly then, tokens are used in possession authentication as well.

The first type of token is known as a connected token. These tokens are physical embodiments that send data to a computer network, such as a USB token, a wireless tag, or a card reader. 

Next, there are disconnected tokens. These aren’t plugged into or otherwise connected to the main computer. They can include one-time passwords. 

Soft tokens, short for software tokens, are used on smartphones, laptops, tablets, and desktop computers. These duplicatable tokens are the opposite of hardware tokens, which you cannot copy.

Knowledge

The fourth factor in multifactor authentication is knowledge. No, this factor doesn’t test your intelligence, but rather, requires information that no one else should know besides yourself. 

Outside of a password, knowledge authentication can include a PIN (such as the one your ATM requests before you can access your bank account).

Since these forms of authentication are usually the easiest to crack, knowledge authentication should be used in conjunction with the other factors described above. 

How Is Two-Factor Authentication (2FA) Different Than Multifactor Authentication (MFA)?

Now that you’re more acquainted with multifactor authentication, let’s take this section to differentiate it from two-factor authentication.

Two-factor authentication is sort of like the old guard. Many companies have been using it for years; maybe even yours too. 

With two-factor authentication, factors are still at play. A classic example is each time you visit the bank to take money out of an ATM. First, you have to insert your card, which is a possession factor. Then you must input your unique PIN, which is a knowledge factor.

The limiting part of two-factor authentication is that it never exceeds two factors. Thus, it’s less secure than multifactor authentication.

Here’s an easy example of how two-factor authentication can be cracked. Let’s say you’re out shopping and you’re in a big rush. You drop your debit card and don’t even realize it.

Someone picks it up, and rather than return it to the store, they keep your card. They visit your bank and insert the card into the ATM. 

Then it’s just a matter of guessing your PIN. If the code is only four digits, then there is only a finite number of possible combinations.

Multifactor authentication, on the other hand, does not stop at two authenticating factors. As we discussed in the last section, you could be required to input three factors, four factors, and perhaps more someday in the future.

The more factors required, as annoying as it can be for consumers to deal with, the more secure your accounts and data.

The Benefits of Multifactor Authentication

Multifactor authentication can be highly advantageous, which explains why companies such as Microsoft and many others are making the move to MFA. Let’s examine the benefits of multifactor authentication now.

Mobile-Friendly

With more offices across the country exploring remote working than ever before, the need for security even when employees are outside of the office has become apparent. With multifactor authentication, your business can ensure that employees’ data remains safe whether they’re connected to your network or are outside of it.

Scalable

All companies intend to grow, and you need solutions that will grow with you just the same. Multifactor authentication is scalable so that whether your company adds 10 employees over the next year or 100, everyone can have a safer, more secure, and more streamlined login process.

SSO Compatible

Another form of authentication known as single sign-on or SSO allows users to sign in with one ID that’s connected to independent software systems. In other words, you can use the same credentials to access more than one website or application.

If that method sounds like it could use some security bolstering, the good news is that SSO and MFA play nicely with one another. If you’re logging in to a website or app for the first time (or the first time in a while), then you’d use a single-use password that you receive via text or email. 

Customizable

Another definite plus of multifactor authentication is that you can customize it. If you want to focus more on biometrics because your office has a fingerprint scanner, that’s one such option. Perhaps you prefer more location-based authentication or even a mix of both. 

There’s no rule saying you must use all four factors of authentication when instituting MFA. You should weigh the strength of your current security solutions and then go from there. 
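The customizable policy described above, as an added example that is not from the original article or any MFA product: it counts distinct factor categories rather than credentials, so a password plus a PIN is still one factor. The method names, `MfaPolicy`, and `evaluate` are hypothetical.

```python
from dataclasses import dataclass

# Constructed mapping of login methods to the article's four factor categories.
# Method names are hypothetical labels, not identifiers from any product.
FACTOR_OF = {
    "password": "knowledge",
    "pin": "knowledge",
    "bank_card": "possession",
    "usb_token": "possession",
    "totp_code": "possession",
    "sms_code": "possession",
    "fingerprint": "inherency",
    "face_scan": "inherency",
    "corporate_network": "location",
}

@dataclass(frozen=True)
class MfaPolicy:
    min_factors: int = 2                         # distinct categories required
    required: frozenset = frozenset()            # categories that must be present
    disallowed_methods: frozenset = frozenset()  # e.g. weaker methods such as SMS

def evaluate(policy, verified_methods):
    """Return (allowed, factors, reason) for the methods a user has passed."""
    unknown = [m for m in verified_methods if m not in FACTOR_OF]
    if unknown:
        return False, set(), f"unknown method(s): {', '.join(sorted(unknown))}"
    # Methods the policy rejects contribute nothing toward the factor count.
    usable = [m for m in verified_methods if m not in policy.disallowed_methods]
    factors = {FACTOR_OF[m] for m in usable}
    missing = policy.required - factors
    if missing:
        return False, factors, f"missing required factor(s): {', '.join(sorted(missing))}"
    if len(factors) < policy.min_factors:
        return False, factors, f"{len(factors)} distinct factor(s), need {policy.min_factors}"
    return True, factors, "ok"

if __name__ == "__main__":
    atm = MfaPolicy(min_factors=2)
    print(evaluate(atm, ["bank_card", "pin"]))   # card + PIN: two factors
    print(evaluate(atm, ["password", "pin"]))    # two secrets, one factor
    office = MfaPolicy(min_factors=3, required=frozenset({"inherency"}),
                       disallowed_methods=frozenset({"sms_code"}))
    print(evaluate(office, ["password", "sms_code", "fingerprint"]))
```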

How Can Your Business Begin Instituting Multifactor Authentication?

To reiterate, it’s only a matter of time before using Microsoft’s Office 365 software will require multifactor authentication to log in. According to a 2021 article in Financial Post, more than a billion people across the globe use Office. 

This change is going to affect a lot of people when it’s instituted. Your company might wish to get ahead of the curve and begin utilizing MFA now.

That will require selecting a multifactor authentication software. Here are our tips for doing that.

Double-Check That the Software Specializes in MFA, Not 2FA

Two-factor authentication, as we’ve established, can be valuable, but it’s already being outpaced by multifactor authentication. It will only be a short matter of time before MFA replaces 2FA. 

You don’t want your company to get left behind because you invested in a long-term contract for a two-factor authentication software.

With multifactor authentication software, you have the option to use only two factors or up to four (or more). You don’t get that same freedom with two-factor authentication software. 

Create a List of Must-Have Features

What features must your company have in MFA software? That’s for you and your team to decide internally, but be sure to create a list. 

Then, use that list as you compare software options. Ideally, select software that has as many of the features from your list as you can find, even all of them if possible.

Compare Quotes

Rather than jump for the first MFA software option that seems viable, contact a few other contenders on your list and collect quotes. After you have five or 10 quotes, compare them. 

You don’t just want the cheapest option, per se, but a software solution with prices that are commensurate with the services offered. 

Take Advantage of Free Trials

You don’t want to be in the sticky situation of having already paid for software but finding out later that it’s too slow or clunky. That’s exactly why free trials exist, so be sure to use them. 

Involve several members of your company. At the end of the free trial, meet with those software users and ask about their experiences. If several of you are complaining about the same issue, then you might be better off selecting a different software option. 

Conclusion 

Multifactor authentication, or MFA, is the future of protecting data. Microsoft will soon require MFA for all Office 365 software, and many other popular brands from Amazon to Apple request it of their users as well. To learn more about MFA and why it’s so important for your business, check out our I.T. Overdrive podcast!
