Maintaining a strong security posture means being vigilant and aware of threats and vulnerabilities across the vast Information Technology spectrum. An important security layer to consider is called multi-factor authentication (MFA), also known as two-factor authentication (2FA).
More insurance carriers now require the implementation of MFA before issuing a cyber insurance policy. Depending on the carrier, they may require MFA for just Microsoft 365 Cloud Mail or Exchange OWA mail, or they may extend it to everyone’s login – as well as their devices.
So, what is MFA?
MFA protects us from hackers by ensuring that digital users are who they say they are. When MFA is enabled, a user must provide two or more pieces of evidence (or factors) to verify their identity and gain access to an app or digital resource.
There are three main types of MFA authentication methods:
- Things only you know (knowledge), such as a password or PIN;
- Things only you have (possession), such as a badge, fob, or smartphone; or
- Things only you are (inherence), such as a biometric like fingerprints, retina scan, or voice recognition.
Why is MFA important?
MFA makes stealing your information much harder for the average criminal. The less enticing or harder to access your data it is, the more likely threat actors will choose someone else to target.
As the name implies, MFA blends at least two separate factors to verify it's actually you requesting access to your data. So even if a hacker has your user ID and password, MFA will require the entry of one more piece of information before granting access. It is a simple but powerful method to add a layer of extra protection so only authorized users access your data.
How do I obtain MFA?
Various vendors offer MFA. A very common and effective MFA is to use an app loaded on your mobile phone or a key fob. Both receive a random number generated at regular intervals, usually 60 seconds, from the MFA vendor’s random number generator.
When entering your user ID and password to access an application or other digital resource, the last step is to enter the number displayed on the MFA app or key fob. Once you enter the correct number, the authentication process is complete and you have access.
One could look at MFA as peace of mind since it makes hacking into user accounts much more arduous. We partner with best-of-kind MFA vendors if you need our help to get started.