There is a specter haunting your accounts, the specter of phishing. We’ve all seen it. Phishing attempts are becoming more and more prevalent and effective. The various methods are becoming increasingly nuanced and crafted. The criminals are getting better and better at bypassing automated filtering as well as tricking users into clicking their nefarious links. It’s truly an epidemic of which there is no foreseeable end.
The good news is that our industry has a strong defense. The defense is multi-factor authentication. MFA, as it’s known because if I.T. loves anything it’s an acronym, comes in many forms. The gist of MFA is that you log in with your user id and password. Then a second form of authentication is invoked. The multi-factor part promising that it’s not just your password that will protect you from malicious hackers. This second form of authentication can take many forms. Some are text messages prompted to be sent at login containing a code to be entered to allow access. Others are software tokens provided by apps running on a cellphone or a hardware token device provided by a security entity. The newest and in my opinion the most convenient is a prompt sent by an application your cellphone. When you try to login to a site or application a popup will present itself on your phone requesting confirmation you’re trying to log in. You press “yes”, “ok”, “Yeah, it’s me” and the authentication sends the approval to allow you to log in.
The great thing about this form of authentication is you must possess the phone or smart device to be allowed access. The hacker can have your login id and password but will not be able to access your data without the proper response to the application popup. This is the beauty of MFA. It’s a second hurdle to cross to log in. For the user, it’s a very small hurdle that is easily vaulted over. For the hacker, it’s a ten-foot wall that requires much more work and lowers the chance of a successful hacking attempt exponentially.
This is the driving reason why we recommend that all entities with the ability to leverage MFA should do so. MFA is not difficult to setup and when setup can be left to guard logins forever after. The level of protection it provides is substantial and worthy of the minuscule startup effort. Many companies offer this service. Microsoft being one. If you’re an Office 365 user it would be well worth your time to implement this massive improvement to your enterprise security. Need help? Contact us. If you’re a single user reading this and wondering if your bank, password management software, or messaging app of choice offers MFA? They most likely do.
By: Jason Ledford