Gone are the days when you could punch in that password and go about your business. Due to increasingly sophisticated and high-tech social engineering, brute force, and dictionary attacks, times have changed. Today’s post about multifactor authentication best practices showcases how companies can stay two steps ahead of threat actors with similarly sophisticated security systems.
Multifactor authentication does not need to be complicated.
As a first step towards better security, organizations that use password-based authentication need to implement multifactor authentication (MFA).
MFA works by requiring two or more pieces of evidence that confirm your identity. It acts as an extra layer of security that:
Prevents attackers from exploiting employee accounts
Stops unsanctioned intrusion attempts into a network
Protects data in case your password credentials have been compromised
To learn more about how multiple authentication factors work, we’ve got an excellent MFA explainer here.
Let's take a look at five ways organizations and workers (both onsite and remote) can take advantage of MFA to secure their data and intellectual property.
What happens if a company that relies on SMS-based verification finds out that a lack of cellular connectivity causes unforeseen problems for its employees? No SMS, no entry.
From a security perspective, relying on a single delivery method for the second factor is not recommended.
Make sure your MFA solution relies on the availability of multiple factors that give users freedom to choose the most convenient option for them.
Here are some MFA methods that are commonly used:
Tip: Ensure that your password recovery and second-factor authentication medium are different. For example, if your organization does password recovery via email link, choose another acceptable medium like in-app OTP for secondary authentication.
While this may seem like a no-brainer at first, education is very important. This is because when it comes to security, the weakest link in the chain is the user.
You need to get buy-in from users for a successful MFA rollout. As part of your education program, you will need to update users about the new MFA processes, why they are being implemented, and the timeline for rollout.
Users who know how to use MFA effectively are a better investment. Make sure you start proper education programs for workers to help them learn why MFA is important and how to use it properly.
And while you’re at it, administrators should also consider user experience. Frustrated users will either choose to opt out of multifactor authentication (if allowed), or resort to workarounds like keeping workstations unlocked. These tactics defeat the purpose of MFA altogether.
Data safety laws have outlined certain standards and best practices for security authentication. Examples of phishing-resistant MFA legislation and standards include:
Keep in mind that a weak authentication system can open you up not only to cyberattacks but also to fines and penalties from regulators.
If you are planning to onboard new remote workers, make sure you audit and authorize all work-from-home equipment with properly configured MFA software. This can, however, be a time-consuming process. An easier way to do this is to provide work laptops and design a seamless onboarding process with video meetings.
With the increased adoption of hybrid and remote workplaces, users need authentication methods that are secure and tailored to their reality.
But what if your employees don’t have internet access for authentication purposes? MFA solutions can be flexible without compromising on your security.
For example, one option for offline MFA is hardware tokens, e.g. devices that hold their PIN or seed locally rather than on a central server. Tokens can generate one-time passwords and are easily tracked by security managers remotely.
Security administrators can design other systems that are custom-tailored to their working environment. They can use these questions to come up with their plan:
Adaptive systems can detect any anomalies and take care of threats proactively.
For example, you can use adaptive MFA systems to blacklist certain access locations, e.g. public Wi-Fi hotspots.
We talked a bit about reducing user friction when it comes to adopting MFA. Adaptive MFA can use contextual information to eliminate extra verification steps so that users can get to work faster than ever.
Adaptive MFA, also known as step-up authentication, can make use of contextual data such as the following for an improved user experience:
IP Address
Geolocation data
Device information
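To make the step-up decision concrete, here is an added example (not code from the original post) of a policy that combines the three signals above: logins from a blocked network are denied outright, a known device in a usual country on a trusted network skips the second factor, and anything else steps up. The IP ranges, device IDs and countries are constructed placeholders from the RFC 5737 documentation ranges.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class LoginContext:
    ip: str          # source address of the login attempt
    country: str     # geolocation result for that address (ISO country code)
    device_id: str   # identifier the client presents, e.g. an enrolled device certificate


@dataclass
class UserBaseline:
    known_devices: set        # devices this user has enrolled
    usual_countries: set      # countries seen in the user's normal history
    trusted_networks: list    # ip_network objects for office / VPN egress ranges


# Constructed policy: ranges the organization refuses to serve at all
# (the post's example is public Wi-Fi hotspots).
BLOCKED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]


def decide(ctx: LoginContext, baseline: UserBaseline):
    """Return (decision, reasons) where decision is 'deny', 'allow' or 'step_up'."""
    addr = ipaddress.ip_address(ctx.ip)
    if any(addr in net for net in BLOCKED_NETWORKS):
        return "deny", ["source address in blocked network"]
    reasons = []
    if ctx.device_id not in baseline.known_devices:
        reasons.append("unknown device")
    if ctx.country not in baseline.usual_countries:
        reasons.append("unusual country")
    if not any(addr in net for net in baseline.trusted_networks):
        reasons.append("untrusted network")
    if reasons:
        return "step_up", reasons          # require the second factor
    return "allow", ["known device, usual country, trusted network"]


# Constructed baseline for one user
ALICE = UserBaseline(known_devices={"laptop-1"}, usual_countries={"US"},
                     trusted_networks=[ipaddress.ip_network("192.0.2.0/24")])

if __name__ == "__main__":
    for ctx in (LoginContext("192.0.2.10", "US", "laptop-1"),
                LoginContext("198.51.100.7", "DE", "phone-9"),
                LoginContext("203.0.113.5", "US", "laptop-1")):
        print(ctx.ip, decide(ctx, ALICE))
```

Log the reasons alongside the decision; they are what an analyst needs when reviewing why a login was challenged or denied.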
33% of people do not use MFA because it is tedious, annoying and a pain to set up and use. But with the right education and awareness, employees can learn how multifactor authentication works to protect themselves, their assets, and their workplaces. As far as cybersecurity awareness month ideas go, this one needs to be at the top of every organization's and security administrator's to-do list.
Note: This blog is part of Pureversity's Cybersecurity Awareness Month 2023 coverage, aiming to empower you, your home, and your workplace with an improved cybersecurity posture.