Relying on a username and password for authentication is no longer adequate for protecting your data or site access. Multifactor authentication (MFA) requires approval on another device whenever you authenticate to a site or use VPN remote access. MFA can take the form of a code that is texted to your mobile phone, an app on your mobile phone, or a separate security fob. This ensures that even if your username and password are compromised, a hacker cannot gain access to your site or data without also having access to your phone. Organizations that are applying for cyber liability insurance, or are required to comply with industry or client IT security audits, are now required to use MFA.
Is Multifactor Authentication worth it?
There is always a tradeoff between security and ease of use. Some users may be hesitant to add an extra authentication step every time they log in. Fortunately, MFA providers have not only made the process easy, but have also added features to limit the number of times MFA is required. Some MFA providers only require MFA once per week or once per month. Others allow for “trusted sites” where MFA is not required. For example, your office’s public internet address can be added to a list of “trusted sites” so that MFA is not required for any devices connected to your office’s network. Essentially, being connected to your office network serves as an additional form of trust or authentication.
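The "once per week" and "trusted sites" options described above amount to a small decision rule applied after the password check. The Python below is an added example, not code from any MFA provider; the function name, the network ranges (documentation addresses standing in for an office's public IPs) and the seven-day window are assumptions made for illustration.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

# Constructed sample policy: documentation-range addresses stand in for
# an office's public IPv4 and IPv6 ranges.
TRUSTED_NETWORKS = [ipaddress.ip_network(n)
                    for n in ("203.0.113.0/29", "2001:db8:10::/48")]
REMEMBER_FOR = timedelta(days=7)  # assumed "once per week" re-prompt interval


def mfa_required(source_ip, last_mfa_at, now,
                 trusted=TRUSTED_NETWORKS, remember_for=REMEMBER_FOR):
    """Return (required, reason) for a login whose password was already accepted.

    Assumption: source_ip is the peer address the server itself observed,
    not a value taken from a client-supplied header.
    """
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        # Fail closed: an address we cannot parse is never treated as trusted.
        return True, "unparseable source address"

    # Dual-stack servers may report IPv4 clients as ::ffff:a.b.c.d.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped

    if any(addr.version == net.version and addr in net for net in trusted):
        return False, "trusted network"

    # A timestamp in the future is rejected rather than honoured.
    if last_mfa_at is not None:
        age = now - last_mfa_at
        if timedelta(0) <= age < remember_for:
            return False, "recent MFA still valid"

    return True, "untrusted network and no recent MFA"


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    for ip, last in [("203.0.113.5", None),
                     ("198.51.100.9", now - timedelta(days=3)),
                     ("198.51.100.9", now - timedelta(days=9))]:
        print(ip, mfa_required(ip, last, now))
```

The trusted-network branch skips MFA for every device behind the office address, so the list should hold only addresses the organization controls.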
Is it easy to implement?
In many cases, enabling MFA for sites you already use, such as Microsoft Office or SharePoint, comes at no additional charge. Even if incorporating MFA into your existing IT practices comes at a cost, it is the most cost-effective insurance money can buy. We strongly encourage our clients to incorporate technologies such as Microsoft Authenticator, Google Authenticator, Duo, Quest Defender or Okta Verify into their IT practices. If you are interested in learning more about multifactor authentication, please give us a call.