Complete I.T. Blog

What Is Multi-Factor Authentication and Why Do You Need It?

by | Jan 29, 2020 | Cyber Security

What Is It?

You have probably heard “Two-Factor Authentication” (2FA) being spoken about around the office. Multi-Factor Authentication (MFA) is the same thing, but instead of two forms of logging in and securing your device, it’s 3 or more.

2FA/MFA is a way of protecting your accounts/logins and therefore your personal and sensitive data. It consists of using different methods to prove you are who you say you are when logging into your online banking, social media accounts and emails.

MFA usually consists of something you know, such as your username and password, accompanied by something you have, such as a mobile device or, for those who work in finance, a Smart Card Reader. Thirdly, biometrics would be the final way and would usually involve a fingerprint or iris scan.

2FA is recognised and used more, but if the option to use MFA is there then we would always recommend that you enable it. Most of you are likely to use 2FA every day without realising it or knowing the official name.


For Example

Online Banking – Adding a New Payee

  1. Something you know: Username and password to log in
  2. Something you are: Fingerprint
  3. Something you have: Text message code

In-store Purchase

  1. Something you have: Debit card
  2. Something you know: Your PIN code

Logging in to Outlook on a New Device

  1. Something you know: Email address and password
  2. Something you have: Text message code

The good thing about enabling 2FA and having it connected to your device is that it can warn you when something is wrong. For example, if you receive a text with a code from your bank about setting up a new payee but you haven’t requested this, you can ring your bank straight away and stop any illegal transactions from happening. Because 2FA was set up, you were able to identify and stop this straight away.

The downside of this is what’s known as a SIM swap scam. This is where a criminal rings up your mobile phone provider and pretends to be you. They pretend your mobile has been stolen and request that your number be moved onto a SIM they own, which means they then have your number and will be the ones to receive the text message authentication code. According to the BBC, scammers have drained thousands of pounds from victims’ bank accounts through SIM swap scams, but thankfully you should be aware of this happening if you use your phone daily.


Most common methods for MFA

  • Text message
  • Phone call (this can even work with landlines)
  • Push notification (a dedicated app must be installed and requires an internet connection)
  • One time passcode (OTP)

One-time passcodes are 6-digit codes, so a hacker has a one in a million chance of guessing one. The code refreshes every 30 seconds, making it even harder to crack.


Why is MFA Important?

With so many applications moving to the Cloud, it is more important than ever to protect your login credentials. Although security measures have been put in place, it is your responsibility to fully secure yourself. It may seem like “too much effort”, as it is another hurdle to jump before you log in, but it is very much necessary to protect your data and your reputation, limit business downtime and avoid huge fines due to regulations such as GDPR.

It’s not hacking if they log in as you.

It is likely you are using that password somewhere else, so if a cyber criminal manages to log in to your account in one place, they can then use those login details to log in to your other accounts and access even more data.

It’s important for you to use a different password for every account and ensure your password is strong.

The Reality

Within a 7-day period we had 4769 failed logins from outside of the UK, including 1830 from China, 250 from Russia and 235 from America.

If we didn’t have 2FA/MFA in place these people would be in and they would be taking whatever data they have access to.