What is Multi-Factor Authentication (MFA) and why should you care?
If you’re a client of Resolution IT, you’ll have heard us talking about MFA…. A lot. And if not, well there’s no doubt you’ve seen the term flying around.
But what actually is MFA?
Multi-Factor Authentication (MFA), sometimes referred to as 2-Factor Authentication (2FA), is a security method that uses two or more pieces of evidence to verify the identity of a system user.
This is usually something you know (a password), something you have (typically a smartphone for generating a code or a push notification for you to approve or reject) and something you are (some form of biometric test such as a fingerprint).
MFA has been commonly used in online banking platforms for over a decade. More recently it’s use has been widespread for protecting business information in cloud products such as Microsoft 365.
Most applications and cloud services are now suggesting that users set up MFA to protect their accounts, and many organisations are enforcing MFA for any accounts, applications or storage areas that host company or client information.
So what makes MFA such a hot topic?
With cyber attacks on the rise and large-scale data breaches hitting the news more and more often, companies are understandably taking higher precautions around their cyber security. It’s said that around 60% of data breaches involve stolen credentials, whether they’ve been taken via social engineering or hacked. Implementing MFA adds another layer of security to accounts, making it harder for hackers to gain access with a stolen password alone.
How can I implement it?
Most applications now have an MFA option integrated. Start by looking in the security and privacy area of the settings menu, if you can’t find it, a quick internet search will usually help you locate the feature.
Once enabled you’ll then get instructions that guide you through the set up process, usually you can scan a QR code using an authenticator app and it will automatically set it up for you. At Resolution IT, we use the Microsoft Authenticator app, but there are lots to choose from. Speak to your IT provider or internal team if you’re unsure which app is used by your organisation.
Other top tips
Any form of MFA is generally better than none at all, but we recommend avoiding authentication codes delivered by SMS\text message as it’s less secure than other commonly available alternatives such as codes generated by an authenticator application. Also take care with push notifications as it can be easy to inadvertently approve a notification if you are distracted or simply by reflex when you are used to approving your own logins frequently.
Interested in learning more?
If you’d like to find out more about MFA or implement it in your organisation, reach out to our team who will be happy to help you.