Multi-factor authentication (MFA) is now required more than ever, as an efficient way to protect your business from cybercriminals. But what is it? How does it work? And why is it so important? 

When you want to sign in to your online accounts you can’t do so without a process called “authentication.” You need to let the service know that it’s really you. In the history of authentication, that has been done with a username and a password – and passwords are single-factor authentication systems. 

But as cyber threats and attacks become more organised and sophisticated, so must the measures businesses take to protect themselves. According to the Australian Cyber Security Centre (ACSC), Australia sees approximately 164 cybercrime reports being made every day – that’s 1 every 10 minutes.

Even using a password manager that automatically generates unique passwords for you is not enough to protect your business. Usernames are often easy to uncover, as they are generally the user’s email address.

This is why nowadays a lot of online services such as banks, WordPress, Facebook, Instagram, Apple, Gmail or Microsoft 365 have implemented two-factor (2FA) or multi-factor authentication solutions. 

The multi-factor authentication history 

The history of multi-factor authentication started over two decades ago with 2FA. Also called two-step verification, two-factor authentication is a form of multi-factor authentication, but with only two steps instead of more.

The multi-factor authentication process caught on with the arrival of smartphones, when using a second device as an aid to log in to an account became easier. Having our smartphones readily available meant that accessing the authentication codes sent via SMS or email was quick and easy.

And with hacks and data breaches more and more common and damaging, MFA needed to evolve – and individuals and companies had to try to keep up. In fact, in 2016 Barack Obama wrote an article emphasising that passwords alone are not enough for protection against hackers and urging consumers and businesses to use MFA through an awareness campaign, #Turnon2FA.

What is multi-factor authentication?

When you sign in to an online account, you need at least one more factor to prove who you are. The difference between MFA and 2FA is that, unlike 2FA, which needs only 2 forms of authentication, MFA normally requires three.

What are the three types of multi-factor authentication?

To verify a person’s identity, MFA uses three factors:

  1. Something you know. A PIN, a password, or the answer to a security question.
  2. Something you have. A device (where you get a code via SMS or a multi-factor authentication app) or a token.
  3. Something you are. A fingerprint or other biometric.

Without the added third step, two-factor authentication can be hacked more easily than MFA. 

How does it work?

According to NIST, “multi-factor authentication can be performed using a multi-factor authenticator or by a combination of authenticators that provide different factors.”

A two-factor or multi-factor authentication app – such as Google Authenticator, Microsoft Authenticator or Duo Mobile – works by generating time-based, one-time passcodes that usually refresh every 30 seconds. 

A common example of multi-factor authentication is: after entering your username and password, there’s an added security step that requires you to enter another code. This code is sent to your phone or email, and it’s to verify that it’s really you. 

Enabling 2FA or MFA will prevent unauthorised login attempts, and it’s an added layer of protection for your data.

Why is multi-factor authentication (MFA) important?

In Australia alone, ransomware attacks are major IT security threats. Organisations that only rely on credentials are highly vulnerable to cyber attacks. Login details can be stolen or hacked, then used or sold on the dark web. According to the State of Ransomware 2020 report by Sophos, “ransomware attack remediation efforts cost on average US$732,500 when a ransom is not paid, and US$1,448,458 when a ransom is paid.”

In our current work-from-home (WFH) environment ransomware attacks are even more prevalent. 

Multi-factor authentication is one of the most effective ways for organisations to protect their confidential data and information (customer information or financial documents) and accounts against unauthorised access.

One of the most important multi-factor authentication advantages for organisations is that it is a key component to achieving zero trust. By always verifying the identity of your employees, your data is less exposed to risk. 

And with the global multi-factor authentication market projected to reach $40,000 million by 2030, it’s clear that more and more organisations are seeing the importance of protecting their data via MFA.

Multi-factor authentication risks 

The benefits of multi-factor authentication are many, but what are the cons? And are there any risks? The major con of multi-factor authentication is the frustration of your employees always having to verify their identity.

The risk is losing access to your account if you don’t have your second factor (for example, if you lose your phone). This is why it’s very important to have a backup.

Protect your business with advanced multi-factor authentication  

Setting up multi-factor authentication for your organisation is one of the most important steps you can take to protect your data from cyber attacks. 

Every business has unique risks, and cybersecurity services will be different for each. If you’re wondering what advanced multi-factor authentication tools and products your business requires, we can help. We offer IT security solutions for both large enterprises and small businesses. Contact us today.