Multi-Factor Authentication (2024)

Table of Contents
Share What is Multi-Factor Authentication (MFA)?

Share

Multi-Factor Authentication (1)

Protecting Your Small Business: Multi-Factor Authentication

See Also
Three tips for improving your Secure Score  -

You’ve recently set up a travel management portal for your small business that requires everyone to log in using a username and password. The portal also requires a user to have an authentication app on their phone for verification of their identity. That way, a one-time code will be accessed in the authentication app and entered into the portal to confirm their identity. This scenario depicts the use and benefits of multi-factor authentication, an increasingly common method to add multiple layers of security to internet-enabled services.

What is Multi-Factor Authentication (MFA)?

Passwords alone are not effective in securing your most sensitive business assets, as they have become too easy for threat actors to access. MFA is an important security enhancement that requires a user to verify their identity by providing more than just a username and password. It requires a user to provide a combination of two or more of the following:

  • something you know (like a password or PIN)
  • something you have (like a smart card or security key)
  • something you are (like your fingerprint or face)

Protecting Your Business from a Common Cyber Threat: Phishing

Due to their effectiveness and simplicity to carry out, phishing attacks have rapidly become the tool of choice for cyber criminals. But what is phishing? Phishing refers to a variety of attacks that are intended to convince you to hand over sensitive information to an imposter. These attacks can come in many forms—most commonly in the form of a convincing email, text message, or social media message. What are they seeking? They’re looking for financial gain and your account credentials, such as your password, pin, or one-time passcodes.

How does MFA Protect My Business From this Threat?

If a password is compromised, MFA creates a second barrier that makes it much hard for the threat actor to access your systems and data.

Example: Unfortunately, you received a convincing phishing email from what you thought was your accounting software provider. You entered your credentials into the fake website, giving the imposter your username and password. Thankfully, you have MFA enabled on this account. In addition to a username and password, a user also needs a security key to be granted access. Because the criminal did not have access to this security key, you were able to avert the crisis.

Taking MFA to the Next Level: Phishing-Resistant Authentication

Enabling MFA on all accounts that offer it is essential for reducing the cybersecurity risks to your business. However, some forms of MFA are more secure than others– as some forms of MFA can be susceptible to phishing threats such as One Time Pins (OTPs) and SMS based codes.

  • FIDO authenticators paired with W3C’s Web Authentication API are the most common form of phishing resistant authenticators widely available today. These can take the form of separate hardware keys or be embedded directly into platforms (for example your phone or laptop). Availability, practicality, and security of these “platform authenticators” increasingly puts strong, phishing resistant authenticators into user’s hands without the need for additional devices or dongles.
  • Not every transactionrequiresphishing resistant authentication. However, for applications that protect sensitive information (such as health information or PII data) or for users that have elevated privileges (such as admins or security personnel) organizations should be enforcing, or at least offering, phishing resistant authenticators.
  • Individuals should explore the security settings for their more sensitive online accounts to see if phishing resistant authenticators are available and make use of them if they are. In reality, these tools are often easier, faster, and more convenient than the MFA – such as SMS text codes – they may currently be using.

Learn more here:https://www.nist.gov/blogs/cybersecurity-insights/phishing-resistance-protecting-keys-your-kingdom

Questions to Consider

  • Have we completed an inventory of all our systems to determine which ones offer multi-factor authentication?
  • Have we enabled MFA on our most sensitive accounts? Are phishing resistant options available to us for use on our most sensitive applications?
  • Do employees understand how to enable MFA and its importance in protecting the business?
  • Do we have a policy for requiring use of MFA and phishing resistant MFA?
  • Beyond MFA, are we considering other ways to manage access to our systems and data, such as:
    • Access to systems and data is limited to only those who need it to do their jobs.
    • Access is removed when needs change or when employees leave the business.
    • Administrative privileges to systems and devices are limited to only certain employees.
    • Using a password manager tocreate and store strong passwords.

Technical Deep Dive

  • NIST SP 800-63 Digital Identity Guidelines
  • NIST Identity and Access Management

Related Resources

Multi-Factor Authentication (2024)
Top Articles
Top 10 Tools to Connect Google Sheets to Databases | Castodia - Import data to Google Sheets on a schedule
Until you make the unconscious conscious, it will direct your life and you will call it fate.
Craftsman M230 Lawn Mower Oil Change
The Definitive Great Buildings Guide - Forge Of Empires Tips
FFXIV Immortal Flames Hunting Log Guide
The Pope's Exorcist Showtimes Near Cinemark Hollywood Movies 20
Gameplay Clarkston
Ub Civil Engineering Flowsheet
Nikki Catsouras Head Cut In Half
Skip The Games Norfolk Virginia
DIN 41612 - FCI - PDF Catalogs | Technical Documentation
Taylor Swift Seating Chart Nashville
No Strings Attached 123Movies
Washington Poe en Tilly Bradshaw 1 - Brandoffer, M.W. Craven | 9789024594917 | Boeken | bol
Houses and Apartments For Rent in Maastricht
Patrick Bateman Notebook
Daily Voice Tarrytown
Elemental Showtimes Near Cinemark Flint West 14
Mission Impossible 7 Showtimes Near Marcus Parkwood Cinema
Noaa Ilx
How to Grow and Care for Four O'Clock Plants
St Clair County Mi Mugshots
Boston Dynamics’ new humanoid moves like no robot you’ve ever seen
Brbl Barber Shop
D2L Brightspace Clc
Water Temperature Robert Moses
Farm Equipment Innovations
*!Good Night (2024) 𝙵ull𝙼ovie Downl𝚘ad Fr𝚎e 1080𝚙, 720𝚙, 480𝚙 H𝙳 HI𝙽DI Dub𝚋ed Fil𝙼yz𝚒lla Isaidub
Account Now Login In
Publix Daily Soup Menu
Metro By T Mobile Sign In
Mbi Auto Discount Code
Mg Char Grill
Craigslist Neworleans
Craigslist Red Wing Mn
4083519708
Raising Canes Franchise Cost
About :: Town Of Saugerties
Second Chance Apartments, 2nd Chance Apartments Locators for Bad Credit
Sam's Club Gas Prices Deptford Nj
Tsbarbiespanishxxl
Nami Op.gg
Memberweb Bw
Iupui Course Search
3500 Orchard Place
Phmc.myloancare.com
Dayton Overdrive
ESPN's New Standalone Streaming Service Will Be Available Through Disney+ In 2025
Zalog Forum
The Ultimate Guide To 5 Movierulz. Com: Exploring The World Of Online Movies
Latest Posts
Recover Permanently Deleted iPhone Photos without Backup
5 Porto neighborhoods you won’t want to miss
Article information

Author: Tyson Zemlak

Last Updated:

Views: 6459

Rating: 4.2 / 5 (43 voted)

Reviews: 82% of readers found this page helpful

Author information

Name: Tyson Zemlak

Birthday: 1992-03-17

Address: Apt. 662 96191 Quigley Dam, Kubview, MA 42013

Phone: +441678032891

Job: Community-Services Orchestrator

Hobby: Coffee roasting, Calligraphy, Metalworking, Fashion, Vehicle restoration, Shopping, Photography

Introduction: My name is Tyson Zemlak, I am a excited, light, sparkling, super, open, fair, magnificent person who loves writing and wants to share my knowledge and understanding with you.