Multi-Factor Authentication:
Simple. Effective. Essential.
When it comes to protecting your corporate data, passwords are the weakest link. Stolen login credentials were responsible for 67% of data breaches in 2020. That’s why multi-factor authentication (MFA) is the gold standard for preventing unauthorized access. Just how big is the stolen credential problem and how can MFA help keep your vital business data secure?
Stolen credentials are a big, big problem
Passwords remain the most common way to authenticate online identity, but alone, they provide very little protection. Once a password is stolen, hackers can use the credentials to log in to websites, applications, and networks, bypass other access controls and wreak serious havoc.
In June of this year, researchers discovered a massive database of sensitive data containing 26 million login credentials, 1.1 million unique email addresses, more than 2 billion browser cookies, and 6.6 million files. In some cases, victims stored passwords in text files created with the Notepad application.
The number of stolen usernames and passwords in circulation has increased by 300% since 2018. There are now more than 15 billion of these stolen credentials, from 100,000 data breaches, available for sale to cybercrime actors on the dark web. To put that into perspective, that’s the equivalent of two sets of account logins for every man, woman, and child on the planet.
How the theft happens
While data breaches are one way cybercriminals gain login credentials, they are not the only way. Phishing emails are a common way that credentials get into the wrong hands. You’ve likely received these emails where the sender poses as your bank or merchant and asks you to verify or update your login credentials. Furthermore, anyone can buy a brute-force password cracker app on the dark web for under $10.
Resourceful criminals use other techniques as well. Password Spraying, for example, is a technique that attempts to use a list of commonly used passwords against a user account name. They may not have to try all that hard, as “password” and “123456” have been the two most common passwords for the past decade.
MFA for every application and every user
Most of us understand that passwords do not provide adequate protection for programs housing sensitive data — they are simply too easy to bypass. Multi-Factor Authentication (MFA) is a security enhancement that requires users to present two pieces of evidence – credentials – when logging in to an account. The credentials fall into these three categories: something the user knows (like a password or PIN), something the user has (like a smart card or one-time code sent to a mobile phone), or something the user has (like a fingerprint). The credentials must come from two different categories – so entering two different passwords is not considered MFA.
Increasingly, software vendors include MFA as an option. Where this is available, we strongly recommend you use it. And for those legacy applications that don’t offer MFA, you can purchase purpose-built MFA applications that can protect any application on any device.
Single sign on keeps it simpler
Requiring users to enter multiple security factors for every individual application used within the organization is not efficient nor scalable. Whenever you add a layer of complexity to process as simple as logging in, you create work for someone. In this case, that someone is your IT team who fields calls, emails, and texts from users locked out of critical applications. This is where Single-sign-on (SSO) comes into play.
Single-sign-on is an authentication scheme that allows a user to log in with a single ID and password to any of several related, yet independent, software systems. Microsoft’s SSO is a familiar option, although there are many others. Combining SSO with MFA creates a single, central login credential that streamlines the effort required to implement and enforce multi-factor authentication.
Simple, effective, and essential
Multi-factor authentication is a simple, effective, and essential tool to help combat cybersecurity threats — especially when used in combination with other security tools such as endpoint protection. A successful MFA initiative involves educating your teams about the importance of strong passwords and MFA — and then backing up that education with technology tools that enforce it. An experienced Managed Services Provider (MSP) is a great resource to help you design, implement, maintain, and enforce MFA throughout your organization. Learn more about how to protect your organization by connecting with one of the security specialists on Net at Work’s Managed Services team.