How can this impact the user or business?
Your credentials are your identity. If they are not protected, they can be used to send fake emails to accounts teams or to users asking for money transfers, or to make orders and payments, especially when debit / credit cards are saved on unprotected accounts. This causes unnecessary stress and additional workload and, in some extreme situations, can lead to dismissal from a place of work or put businesses into administration. These are just some of the consequences of not having 2FA / MFA enabled.
What is 2FA / MFA?
Think of 2FA (Two Factor Authentication) as an extra layer beyond a username and password for access. MFA (Multi Factor Authentication) enhances that with a more robust control mechanism, which could be biometric access, email, push etc. 2FA / MFA is a security measure that strengthens your digital identity, making you and your company's information less vulnerable.
Where can 2FA / MFA be applied?
2FA / MFA can be applied to almost all cloud-based services, VPN and remote applications. However, not all services have provisions for allowing this. When signing up for a cloud service, sometimes you must look for the options to enable the additional protection; other times you are not given a chance to skip without supplying additional details. In most cases, Microsoft can help protect your Office 365 workload, Google can help protect your Workspace, and applications such as Cisco Duo can protect your VPN and cloud services by use of federation or by implementing a RADIUS server.
What type of authentication methods are there?
The types of authentication are shared between 2FA and MFA variations, and most are supported by Microsoft, Cisco Duo, Google and many more providers. Not all methods are required for authentication. Some of these methods are listed below, and you generally choose whichever is preferred or easier for the use case.
2FA Methods
- SMS
- Push Notifications to mobile devices
- OTP (One Time Password)
- Email
- Memorable Data
MFA Methods
- Biometrics (face, finger, retina, voice)
- Security Key
- Location Based
- Time Based
- Recovery Codes
MFA is the preferred method and is seen to be more secure than 2FA.
How does it work?
With 2FA, when you sign into an account, whether that is for personal or business use, you may be prompted for a username and password. This is a single factor. After the credentials are entered, you may be sent an SMS or email, or need to generate an OTP code that changes every 30 seconds.
With MFA, you may just have to enter your username initially and then verify using biometrics, very much like unlocking your mobile phone with Face ID or using Windows Hello to unlock your PC, or by inserting a USB security key with PIN protection.
Ultimately, you may have a password manager or authentication application on your mobile device linked to your protected accounts. This can help manage and store your details for easy access. This itself is protected by biometrics or PIN protection on your phone. However, if you lose access to your phone, you may also lose access to your accounts, unless you have other authentication methods stored on your accounts.
Convincing your organisation to adopt MFA?
Implementing MFA is a critical step towards enhancing security. However, it does take some planning, so you need to look at the following.
- Risk Assessment
- Business Impact
- Regulatory Compliance
- Cost-Benefit Analysis
- User Education
- Vendor Support
- Training and Support
- Pilot Program
What are the benefits?
Remember, 2FA / MFA is not just an IT initiative, it's a strategic decision that helps protect your organisation's assets and reputation. So, by making a compelling case, you can drive some positive changes to fortify your digital defences.
How can Symetri help?
Symetri's focus on 2FA / MFA allows us to help move your organisation's security forwards, by creating a compelling case to give to the lead stakeholders. We can also help implement most of these changes and provide training. If you require any further advice relating to this article, please reach out to your account manager or contact Symetri by filling in the form on the right.
Author
Barrie Elliott
Barrie joined Symetri in 2007 as a Helpdesk Engineer and has progressed to an IT Solutions Specialist. Prior to joining Symetri, he used to manage an Automotive Business as an Engineer and was a senior Electronic Engineer repairing mobile phones before that. He is a Qualified Electronics Engineer holding a City and Guilds 224 in Electronic Servicing and also an NVQ in Engineering. Engineering and IT have always been his passion since he was a child and, with this enthusiasm and keenness, he continues to enhance his knowledge in new technologies. His knowledge varies across the board, including Virtualisation, Storage, Cloud solutions and much more. He also delivers client training, installations, pre-sales and consultancy for various products, along with fully supporting the Helpdesk for escalated calls.