What is MFA?

Nick Robilliard
Author
19th April 2023
Information Security

What is MFA?

What is Multi-Factor Authentication (MFA) and why should you care?

If you’re a client of Resolution IT, you’ll have heard us talking about MFA…. A lot. And if not, well there’s no doubt you’ve seen the term flying around.

But what actually is MFA?

Multi-Factor Authentication (MFA), sometimes referred to as 2-Factor Authentication (2FA), is a security method that uses two or more pieces of evidence to verify the identity of a system user.

This is usually something you know (a password), something you have (typically a smartphone for generating a code or a push notification for you to approve or reject) and something you are (some form of biometric test such as a fingerprint).
MFA has been commonly used in online banking platforms for over a decade. More recently it’s use has been widespread for protecting business information in cloud products such as Microsoft 365.

Most applications and cloud services are now suggesting that users set up MFA to protect their accounts, and many organisations are enforcing MFA for any accounts, applications or storage areas that host company or client information.

So what makes MFA such a hot topic?

With cyber attacks on the rise and large-scale data breaches hitting the news more and more often, companies are understandably taking higher precautions around their cyber security. It’s said that around 60% of data breaches involve stolen credentials, whether they’ve been taken via social engineering or hacked. Implementing MFA adds another layer of security to accounts, making it harder for hackers to gain access with a stolen password alone.

How can I implement it?

Most applications now have an MFA option integrated. Start by looking in the security and privacy area of the settings menu, if you can’t find it, a quick internet search will usually help you locate the feature.

Once enabled you’ll then get instructions that guide you through the set up process, usually you can scan a QR code using an authenticator app and it will automatically set it up for you. At Resolution IT, we use the Microsoft Authenticator app, but there are lots to choose from. Speak to your IT provider or internal team if you’re unsure which app is used by your organisation.

Other top tips

Any form of MFA is generally better than none at all, but we recommend avoiding authentication codes delivered by SMS\text message as it’s less secure than other commonly available alternatives such as codes generated by an authenticator application. Also take care with push notifications as it can be easy to inadvertently approve a notification if you are distracted or simply by reflex when you are used to approving your own logins frequently.

Interested in learning more?

If you’d like to find out more about MFA or implement it in your organisation, reach out to our team who will be happy to help you.

Nick Robilliard

Nick is the lead trainer in the Information Security team. He works on providing services for our SecaaS and vCISO clients as well as completing Cyber Essentials and IASME assessments. In addition to this, Nick is also involved in one-off and tailored projects for our clients. Nick is ISC2 CISSP, SSCP and ISACA CRISC certified.

Nick has experience in both the public and private sector within technical support and information security.

Nick says the best part of his job is providing user awareness training sessions for our clients. Ensuring a workforce understand information security risks is vital for preventing breaches, so it’s rewarding playing a part in making that happen.

Career opportunities

If you’re looking for your next career move and seeking opportunities offering professional development, rewards and success, then come and talk to us at Resolution IT.

Ready to begin a partnership with us?

Contact Form

"*" indicates required fields

We'd love to hear from you

Whether you're interested in IT support, transformation projects or cyber security, start a conversation to discover how we can help your business succeed.
This field is for validation purposes and should be left unchanged.