
MFA Can Block More Than 99.2 Percent of Account Compromise Attacks



Credential theft is now at an all-time high and is responsible for more data breaches than any other type of attack. With data and business processes now largely cloud-based, a stolen user password is the quickest and easiest way for an attacker to carry out many different types of damaging activity.

Logging in as a user (especially if they have admin privileges) can allow a criminal to send phishing emails from your company account to your staff and customers. The hacker can also infect your cloud data with ransomware and demand thousands of dollars to give it back.

How do you protect your online accounts, data, and business operations? One of the best ways is with multi-factor authentication (MFA). According to Microsoft, MFA can block more than 99.2% of account compromise attacks. It provides a significant barrier to cybercriminals even if they have a legitimate user credential to log in. This is because they most likely will not have access to the device that receives the MFA code required to complete the authentication process.

What are the three main methods of MFA?

When you implement multi-factor authentication at your business, it’s important to compare the three main methods of MFA and not just assume all methods are the same. There are key differences that make some more secure than others and some more convenient.

Let’s take a look at what these three methods are:

SMS-based

The form of MFA that people are most familiar with is SMS-based. This one uses text messaging to authenticate the user. The user will typically enter their mobile number when setting up MFA. Then, whenever they log into their account, they will receive a text message with a time-sensitive code that must be entered.

On-device prompt in an app

Another type of multi-factor authentication uses a dedicated app to deliver the code. An MFA code is still generated at login, but the user receives it through the app rather than via SMS. This is usually done via a push notification, and in many cases it can be used with either a mobile or a desktop app.

Security key

The third main method of MFA involves using a separate security key that you insert into a PC or mobile device to authenticate the login. The key is purchased when the MFA solution is set up, and the authentication code is received and applied automatically.

The MFA security key is typically smaller than a traditional thumb drive and must be carried by the user to authenticate when they log into a system.

Balancing convenience and security

Users often feel that MFA slows them down. This can be worse if they need to learn a new app or remember to carry a tiny security key (what if they lose that key?). This inconvenience can lead companies to skip multi-factor authentication, leaving their cloud accounts less protected.

If user resistance is a concern and convenience is the priority, SMS-based MFA may seem like the best option. Since most people are accustomed to receiving text messages, it requires no additional apps or new interfaces to navigate. However, we generally advise against SMS-based MFA unless absolutely necessary, as it is less secure than other authentication methods. Cybercriminals can intercept SMS codes more easily, which makes this method a higher risk for attacks.

When choosing an MFA method, it’s crucial to balance ease of use with security, ensuring a solution that works effectively for both your organization and employees.

Looking for help with setting up MFA?

Multi-factor authentication is a “must-have” solution in today’s threat climate. Contact Yeo & Yeo Technology to discuss your barrier points and develop a solution to better secure your systems.

Article used with permission from The Technology Press.
