What is MFA, and why is it critical to keeping your organisation secure?

2022-05-05

We know that just using passwords is a security threat and we should all use 2FA. Or MFA, as it is now known.

But what is MFA and why is it so important?

MFA is comprised of 3 areas.

• Something you know: This could be a PIN or a password
• Something you have: This could be an Authenticator App.
• Something you are: This could be a fingerprint or face scan.

If you have a combination of two or more of the above, it is classed as MFA. If you have two of one area, for example a password and a PIN, then it is not classed as MFA.

But did you know not all MFA systems are equal? Older MFA systems are being ‘defeated’ by hackers.

Text message systems are no longer advised as ‘secure’, as it has been demonstrated that SMS text messages are often the weakest link in two-step logins. It is possible for hackers to sometimes hijack the SMS messages meant to keep you safe. Or even sim-swapping which means your authorisation code text message may arrive at a different or duplicate phone.

Whenever possible, it’s worth taking a minute to switch to a better system such as an Authenticator App.

Thinking of systems, no matter how strong they are, the weakest link is generally the user. Recent studies show that if a particular account is attacked multiple times and a user gets multiple prompts on their Authenticator, they are likely to hit ‘Approve’ at some point to stop the annoyance.

Before implementing MFA into an organisation, users on all levels should be fully engaged and educated on their responsibilities. They should know that if they are getting multiple prompts or unexpected prompts then they should be investigated.

Get in touch with our team at Outsource Group to discuss MFA and how we can implement it to keep your organisation secure –  info@osgroup.co.uk