Multi-Factor Authentication: Protecting your Business
“Multi-Factor Authentication” may sound complicated, but it’s really just the tech security version of “the best of both worlds.” It’s a way to combine the benefits of different security measures while mitigating each one’s individual weaknesses. Think of it like a warehouse that has a security guard, an alarm system, and door locks.
The key is that multi-factor authentication isn’t simply using the same type of security measure multiple times. Take sites that require a username and password. It may feel like having twice as much protection, but if somebody guesses or steals a username, or tricks somebody into revealing their username, the chances are they can get hold of the password the same way.
Multi-factor authentication instead means having two or more different types of checks on somebody trying to access an account or system. A common way to summarize these is:
- Something you know
- Something you have
- Who you are
- Where you are
As a practical example, imagine a social media website. When you log in, it asks for your password (something you know). Behind the scenes, it’s checking if you’re logging in from your usual IP address (where you are). If not, it may ask you to type in a code sent to your phone (something you have).
This helps reduce the risk of a single point of failure. If somebody hacks a database or tricks you into revealing your password, they can only use it if they have physical access to your computer or phone. It doesn’t eliminate risk but significantly reduces it.
Any form of multi-factor authentication has to balance convenience and security. The social media security in our example could be set up so that you have to get a security code to your phone every time you log in. That would increase security: getting physical access to your computer wouldn’t be enough to access the account, even with the password. However, it would be too irritating for most users to tolerate.
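The social media login described above, as an added example that is not part of the original article: a password check, a usual-network check, and a single-use code when the network is unfamiliar. The user record, network range and function names are constructed for illustration, and the `always_require_code` flag models the stricter "code on every login" setup from the previous paragraph.

```python
import hashlib, hmac, ipaddress, secrets

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample user; the name, password and network are illustrative.
USERS = {
    "alice": {
        "salt": b"constructed-salt",
        "pw_hash": _hash("correct horse battery staple", b"constructed-salt"),
        "usual_networks": [ipaddress.ip_network("203.0.113.0/24")],
    }
}
PENDING = {}  # user -> one-time code waiting to be entered

def send_code(user: str) -> str:
    """Stand-in for SMS/app delivery: a real system sends the code out of band."""
    PENDING[user] = f"{secrets.randbelow(10**6):06d}"
    return PENDING[user]

def login(user, password, ip, code=None, always_require_code=False) -> str:
    """Return 'granted', 'code_required' or 'denied'."""
    record = USERS.get(user)
    # Something you know: constant-time comparison of the password hash.
    if record is None or not hmac.compare_digest(
            _hash(password, record["salt"]), record["pw_hash"]):
        return "denied"
    # Where you are: is the source address inside a usual network?
    addr = ipaddress.ip_address(ip)
    usual = any(addr in net for net in record["usual_networks"])
    if usual and not always_require_code:
        return "granted"
    # Something you have: a single-use code delivered to the phone.
    expected = PENDING.pop(user, None)
    if code is None or expected is None:
        send_code(user)
        return "code_required"
    ok = hmac.compare_digest(code.encode(), expected.encode())
    return "granted" if ok else "denied"
```

Because the pending code is removed on every attempt, a wrong guess or a replayed code forces a fresh code to be issued rather than allowing repeated tries against the same one.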
Businesses have a particular need for multi-factor authentication. For example, staff who receive emails may be vulnerable to a phishing attack that exposes passwords. You may also find it tricky to get staff to create and remember secure passwords that aren’t vulnerable to a brute force attack.
You can choose from many technologies for multi-factor authentication, offering differing levels of security with different costs. Each will have its own pros and cons. For example, you can protect online accounts by using a combination of a password and a physical device such as a special USB stick that must be placed into the computer, working like a physical key. In many ways, that’s safer than relying on the staff member’s phone or tablet, though it’s possible they’ll be more likely to lose it.
The most important thing to remember is that multi-factor authentication is an important principle to follow, but it’s only part of an overall security approach. Contact us at CPI Solutions. We’re happy to talk through your security needs and help find a setup that’s both protective and practical.