Posted by: Heather Shy on October 16, 2020 at 8:00 am
This post is based on “A How-To Guide For Multi-Factor Authentication” — a publication by the Cybersecurity & Infrastructure Security Agency (CISA.gov). The original can be downloaded in PDF form by clicking this link.
Have you noticed how often security breaches, stolen data, and identity theft are front-page news these days? Perhaps you, or someone you know, are a victim of cyber criminals who stole personal information, banking credentials, or more. As these incidents become more prevalent, you should consider using multi-factor authentication (MFA), also called strong authentication, or two-factor authentication (2FA).
This technology may already be familiar to you. Many banking and financial institutions require both a password and one of the following to log in: a call, email, or text containing a code. By applying these principles of verification to more of your personal and business accounts, you can better secure your information and identity online.
What Is Multi-Factor Authentication?
Multi-factor authentication (MFA) is defined as a security process that requires more than one method of authentication from independent sources to verify the user’s identity. In other words, a person wishing to use the system is given access only after providing two or more pieces of information which uniquely identifies that person.
How Does Multi-Factor Authentication Work?
There are three categories of credentials: something you either know, have, or are. Here are some examples in each category:
SOMETHING YOU KNOW
- PIN Number
SOMETHING YOU HAVE
- Security Token or App
- Verification Text, Call, Email
- Smart Card
SOMETHING YOU ARE
- Facial Recognition
- Voice Recognition
In order to gain access, your credentials must come from at least two different categories. One of the most common methods is to login using your user name and password. Then, a unique one-time code will be generated and sent to your phone or email, which you must enter within an allotted amount of time. This unique code is the second factor.
When Should Businesses Use Multi-Factor Authentication?
MFA adds an additional layer of security around sites containing sensitive information. MFA makes it more difficult for unauthorized people to log in as the account holder. According to the National Institute of Standards and Technology (NIST), businesses should use MFA whenever possible, especially when it comes to your most sensitive data — like your primary email, financial accounts, and health records. Some organizations will require you to use MFA; with others it is optional. If you have the option to enable it, you should take the initiative to do so to protect your business data and your personal identity.
How to Activate Multi-Factor Authentication on Your Accounts
To require employees to use MFA on your business software, contact TAZ Networks today. In addition, many common websites and software products have MFA options built in. If your business uses any web-based applications that offer MFA, we highly recommend setting up this option.
User names and passwords are no longer sufficient to protect accounts with sensitive information. By using multi-factor authentication, you can protect these accounts and reduce the risk of online fraud and identify theft.