Passwords are Tricky Business
If you find yourself annoyed trying to remember one of your 50 passwords that require a number, eight or more characters, and a capital letter worry not; you’re not alone. In fact, a 2017 article from Security Magazine claims that the average business user now has 191 passwords to manage. The bottom line is that the number of tools needed to perform critical daily tasks has increased substantially over the years. But there is good news: the technology to access and secure password-protected data has improved substantially as well.
The Death of Passwords
What if passwords weren’t enough anymore? What if all the effort you put into thinking about the perfect balance of letters and numbers to enhance your password wasn’t enough? Well, that’s the situation that most enterprises find themselves in today. Identity theft is the most common consequence of a data breach and has very quickly become one of the most profitable crimes in the world—and Fortune 500 companies aren’t the only targets. In reality, 31% of all cyber attacks are targeting businesses with fewer than 250 employees. So from a business standpoint, keeping confidential data secure is vitally important and should be a top priority for IT and security officers at all organizations.
Adding Mobile Workers into the Mix
With more and more mobile workers connecting to corporate networks from outside the firewall, there are new authentication challenges. To address these challenges many enterprises are turning to multi-factor authentication. Here are three reasons you should use multi-factor authentication for your workforce right now:
1) Multi-Factor Authentication is Easy to Implement and Use
MFA is much easier than people think. For example, a normal multi-factor authentication process would require a remote employee to submit a password and a biometric input like a fingerprint.
Multi-factor authentication requires more than one separate type of input, such as: something you know (like a password), something you are (like a fingerprint), or something you have (like a hardware key).
“Something you know” has been heavily adopted in the finance sector and requires users to create several different question/answer combinations when setting up accounts. Then, when a user attempts to login, he or she is asked one or two of the questions at random. “Something you are” involves biometric authentication like fingerprint scans or facial recognition software. “Something you have” usually requires the user to possess a hardware key or other physical form of verification. Using all three options together typically only adds an additional 5-10 seconds to the login process, creating a relatively friendly user experience while dramatically increasing security.
2) Multi-Factor Authentication Increases Awareness and Transparency
In 2014, eBay’s online records were accessed by digital hackers. These hackers accessed the company database using the credentials of three executive employees and spent roughly 90 days in eBay’s database before being detected. When all was said and done, more than 145 million records were exposed, marking this as one of the largest data breaches in history.
This breach is an extreme example of what can happen when a large corporate database is left exposed by one-factor authentication. If eBay had used MFA at the time, the system likely would have notified the three employees that their credentials had been used on other devices and allowed IT to address the breach in less time.
3) Multi-Factor Authentication is Extremely Flexible
MFA is extremely adaptable and can help a business securely transition employees from a physical office to a fortified mobile environment, adding extra layers of protection for remote employees who need access to extremely sensitive data. For example, an employee could logon to her computer and be forced to enter a password and a random code that was sent to her smartphone for authentication. Then, when that employee eventually needs to access customer records, a third form of authentication could be requested. Safeguards like this can be customized and placed in areas that are deemed the most sensitive, making security officers and IT staff much more comfortable allowing employees to work outside the organization’s network.
The Future of Security
As businesses grow more comfortable with their employees working from home and outside of the office, multi-factor authentication combined with an unbreakable mobile VPN will become an absolute necessity. The only question you should be asking yourself is: how many layers of protection would I like?
- Verified IT and security leaders reveal highest-rated ZTNA platforms in new G2 Grids
- Best practices in finance IT: Sven Goelles from Lincoln International
- Inside NetMotion: A security engineer’s view of SASE
- Best practices in public safety: Alex Bowen of the UK’s National Enabling Programmes
- Accountancy firms look for best practices in a “work-from-anywhere” world