Cybersecurity Awareness Month: Turn on Multifactor Authentication
We are recognizing Cybersecurity Awareness Month this October by sharing tips to promote a strong and resilient security culture in your organization. To turn away cyber-attacks, a little knowledge teamed with critical thinking skills can go a long way!
Multi-Factor Authentication (MFA) is the process of a user or device providing two or more different types of proofs of control associated with a specific digital identity, to gain access to the associated permissions, rights, privileges, and memberships. Two-Factor Authentication (2FA) implies that exactly two proofs are required for a successful authentication and is a subset of MFA.
Decades of successful attacks against single-factor authentication methods, like login names and passwords, are driving a large-scale move toward more secure multi-factor authentication (MFA) solutions, both in corporate environments and on websites everywhere. Over the last few years, the most popular websites and services, including those owned by Google, Microsoft, Facebook, and Twitter, have offered MFA solutions to their customers. Many internet sites and services now offer both traditional login name/password solutions and more secure MFA options.
The broader adoption of MFA is a positive development for computer defenses and can reduce many of the threats that would otherwise be more readily successful against single-factor authentication solutions. All other things being equal, all admins and users should consider and use MFA solutions instead of single-factor authentication solutions to protect sensitive data. In a recent National Cybersecurity Alliance survey, 57% of respondents said they have heard of multifactor authentication (MFA), but many people don’t realize that multifactor authentication is an incredibly important layer of protection in keeping accounts secure.
TIPS AND ADVICE
MFA provides extra security by requiring a secondary method of confirming your identity when you log in to accounts. One version of MFA requires you to enter a code sent to your phone or email, or one generated by an authenticator app. Push notifications are also a common MFA method. This added step prevents unauthorized users from gaining access to your accounts even if your password has been compromised, because they likely won’t also have access to the code or other method of authentication.
FOLLOW THESE STEPS TO TURN ON MFA
Open your app or account settings - It may be called Account Settings, Settings & Privacy or similar.
Turn on multifactor authentication - It may also be called two-factor authentication, two-step authentication or similar.
Confirm - Select an MFA method to use from the options provided. Examples are:
- Receiving a code by text or email
- Using an authenticator app: These phone-based apps generate a new code every 30 seconds or so
- Biometrics: This uses facial recognition or fingerprints to confirm your identity
CAUTION: The ability of MFA to reduce computer security risk has been overstated by many vendors and proponents, leading to a misunderstanding that applying MFA means all attacks that were successful against single-factor authentication cannot succeed against MFA. For example, many MFA admins and users believe that email phishing is no longer a threat because users cannot be phished out of their login credentials. This is not true. As this webinar from KnowBe4 highlights, there are numerous ways to hack MFA. Diligence and support of a strong cybersecurity culture remain important with all technology applications. #SecureOurWorld