MFA and the NFL Draft
As I watched the opening round of the NFL draft, one of the top prospects was unfortunate enough to have his Twitter and Instagram account compromised. His projected salary was slashed in half because the content from these accounts was seen as a red flag; teams who would have otherwise been unable to draft him were quickly removing him from their lists as he continued to be unpicked. Once he learned what was happening on his accounts, he promptly deleted and disconnected them via his cell phone.
What should have been one of the happiest days of his life, where he was truly living a dream come true, was completely ruined by someone who had enough guile to access his accounts.
Incidents like his could have been completely avoided. Since he had his cell phone with him, an advanced authentication method would have stopped the attempt before it started. He could have been notified via his cell phone that someone was trying to log in to his account. At that point all he would have had to do is deny the access and stopped the threat before it began.
While the above example occurred in social media, it is not foreign to the business world.
With Multi-Factor Authentication (MFA), we are able to add a second layer of security to an account. While a strong password is still fantastic, adding more dimensions like a cell phone or business number to your account is the best way to remain secure. MFA operates in three categories: what you know, what you have, and who you are. By leveraging a combination of these, your account becomes much more secure without much added hassle. With added account security, the business can operate with added confidence that security will not be breached.
As the business world continues to evolve and adopt a work-anywhere-with-any-device philosophy, technology like MFA is not just important, it’s starting to become required. In fact, as of writing this, for a business to obtain PCI compliance, MFA is required for anyone with administrative access to credit card data (https://www.pcisecuritystandards.org/).