What is 2FA / MFA and why is it important?


In 2023, over 1000 companies worldwide were hit by ransomware, and over 15 billion credentials were stolen globally through hacking and phishing of companies and users, causing havoc on an unfathomable scale. This trend is not going away and it is getting more advanced, so it's only a matter of time before you become a target.

How can this impact the user or business?

Your credentials are your identity. If they are not protected, they can be used to send fake emails to accounts teams or to users asking for money transfers, or to make orders and payments, especially when debit / credit cards are saved on unprotected accounts. This causes unnecessary stress and additional workload and, in some extreme situations, leads to dismissal from a place of work or puts businesses into administration. These are just some of the consequences of not having 2FA / MFA enabled.

What is 2FA / MFA?

Think of 2FA (Two Factor Authentication) as an extra layer beyond a username and password for access. MFA (Multi Factor Authentication) enhances that with a more robust control mechanism, which could be biometric access, email, push etc. 2FA / MFA is a security measure that strengthens your digital identity, making you and your company’s information less vulnerable.

Where can 2FA / MFA be applied?

2FA / MFA can be applied to almost all cloud-based services, VPN and remote applications; however, not all services have provisions for allowing this. When signing up for a cloud service, you sometimes have to look for the options to enable the additional protection, while other times you are not given a chance to skip it without supplying additional details. In most cases, Microsoft can help protect your Office 365 workload, Google can help protect your Workspace, and applications such as Cisco Duo can protect your VPN and cloud services by use of federation or by implementing a RADIUS server.

What type of authentication methods are there?

The types of authentication are shared between 2FA and MFA variations, and most are supported by Microsoft, Cisco Duo, Google and many more providers; however, not all methods are required for authentication. Some of these methods are listed below, and you generally choose whichever is preferred or easier for the use case.

2FA Methods

  • SMS
  • Push Notifications to mobile devices
  • OTP (One Time Password)
  • Email
  • Memorable Data

MFA Methods

  • Biometrics (face, finger, retina, voice)
  • Security Key
  • Location Based
  • Time Based
  • Recovery Codes

MFA is the preferred method and is seen to be more secure than 2FA.

How does it work?

With 2FA, when you sign into an account, whether that is for personal or business use, you may be prompted for a username and password; this is a single factor. After the credentials are entered, you may be sent an SMS or email, or need to generate an OTP code that changes every 30 seconds.

With MFA, you may just have to enter your username initially and then verify using biometrics, very much like unlocking your mobile phone with Face ID or using Windows Hello to unlock your PC, or by inserting a USB security key with PIN protection.

Ultimately, you may have a password manager or authentication application on your mobile device linked to your protected accounts. This can help manage and store your details for easy access. The application itself is protected by biometrics or PIN protection on your phone. However, if you lose access to your phone, you may also lose access to your accounts, unless you have other authentication methods stored on your accounts.

Convincing your organisation to adopt MFA?

Implementing MFA is a critical step towards enhancing security; however, it does take some planning, so you need to look at the following.

  • Risk Assessment
  • Business Impact
  • Regulatory Compliance
  • Cost-Benefit Analysis
  • User Education
  • Vendor Support
  • Training and Support
  • Pilot Program

What are the benefits?

Remember, 2FA / MFA is not just an IT initiative; it’s a strategic decision that helps protect your organisation's assets and reputation. So, by making a compelling case, you can drive some positive changes to fortify your digital defences.

How can Symetri help?

Symetri's focus on 2FA / MFA allows us to help move your organisation's security forwards by creating a compelling case to give to the lead stakeholders. We can also help implement most of these changes and provide training. If you require any further advice relating to this article, please reach out to your account manager or contact Symetri by filling in the form on the right.
