A complex and long password full of random numbers or letters used to be considered the height of password security – but even the strongest password isn’t much use if someone else tricks you into revealing it. The purpose of password security isn’t to test your brain’s ability to remember a collection of obscure symbols; it’s to validate your identity as the correct owner of the account. To this end, Multi Factor Authentication (MFA) is a far superior way of proving that you are who you say you are.
Ensuring that all our customers have the correct cybersecurity practices in place is a key part of our managed IT services. New York businesses suffer more cyberattacks than anywhere else in the world, so it’s important to take all the steps you can to prevent a security breach.
What Is Multi Factor Authentication?
Multi Factor Authentication (MFA) is also known as Two Factor Authentication (2FA). It refers to the process of using more than one piece of information to secure access to an account. Whereas traditionally your access to an account would consist of a username and password, MFA would require you to also supply an additional piece of information.
Different Types Of Multi Factor Authentication
The most common multi factor authentication examples are the following:
- An MFA code generated by an app
There are several dedicated apps designed for this purpose which are compatible with most accounts which permit MFA. The Microsoft Authenticator, the Google Authenticator, and Authy are all examples of MFA apps. When a user chooses to activate MFA, they install one of the authenticator apps, scan the QR code generated by the service they’re accessing, and from then on will be able to enter a newly generated 6-digit code every time they log in from a new device. Assuming, like most people, you have your phone with you at all times, this is a useful method and is the one which we recommend to our clients.
- An MFA code delivered by SMS
This is similar to the above method but instead of using an app on your phone, the code is delivered to you via an SMS message. For security reasons, this method is not recommended for businesses as there is a higher risk from security threats like SIM swap attacks. Also, as some phones allow you to read messages on the lock screen, an attacker who stole your phone may still be able to use the MFA code without having to unlock it.
- A physical MFA device like a USB key
This method is much rarer and is more commonly used to secure physical devices or single installations of software rather than to secure access to online services. A physical device like a USB key or a Bluetooth device must be connected to your machine at the same time as you are attempting to gain access. The benefits and downsides of this method are similar to those of a physical house or car key, namely, it is very secure and unique, but if you lose the key you will have to wait for a replacement to arrive before you can regain access to your device or software.
Why We Recommend Using An MFA Code Generated By An App
While using any of the MFA methods listed above will be more secure than not having MFA, after considering the various advantages and disadvantages of multi-factor authentication methods, we would highly recommend using a code generated by an app rather than using SMS or a physical key.
The reason for this is that using the SMS method leaves you open to SIM-swap attacks where a hacker calls up your phone line provider and tricks them into porting your number to another SIM. Additionally, many mobiles allow you to read new SMS messages on the lock screen without having to unlock the device, meaning an attacker could read the MFA code off your device without needing to unlock it.
A physical device like a USB key is more secure than SMS, but it can be easily misplaced, which would lock you out. Also, the USB key method is most useful when securing physical devices, but many applications and web services also use MFA.
Using an app like Microsoft Authenticator, Google Authenticator, or another similar app is the MFA method we recommend to our managed IT services clients.
Why Is Multi Factor Authentication More Secure?
Multi-factor authentication significantly improves the security of any system that it is used to secure. This is because, even if an attacker knew your login and password, they would be unable to obtain access to your account so long as you had MFA active. They’d need your details, as well as physical access to your unlocked phone, in order to circumvent the authentication.
MFA codes are always time-sensitive, and normally expire in a few minutes. Therefore, a hacker would not only require physical access to your unlocked device, but they would also require it at the exact moment they attempted to log in.
Need More Cybersecurity Help?
We hope this has been a useful overview of the different types of multi factor authentication and of the efficacy of MFA in general. At Carden IT Services, in addition to providing remote IT support services, managed cloud services, and disaster recovery services, we’re always happy to share cybersecurity tips like these. If you are interested in increasing the security of your business and its data, speak to our cybersecurity team today.