While cyber-attacks on organizations have become more complex over the years, basic attacks, such as email phishing, are still effective ways of gaining access to an organization’s sensitive and critical information. Many organizations deploy multiple layers of IT security to protect their systems and data against attack, but those protective controls are nullified if an attacker can obtain a valid set of user credentials to the environment.
Multi-Factor Authentication has evolved as the single most effective control to insulate an organization against remote attacks and, when implemented correctly, can prevent most threat actors from easily gaining an initial foothold into your organization, even if credentials become compromised.
What is Multi-Factor Authentication?
Multi-Factor Authentication is the process of identifying users by validating two or more “factors,” or characteristics that are unique to that user.
Three different characteristics are often used as factors in the authentication process:
- Something you have
- Something you are
- Something you know
Common implementations of Multi-Factor Authentication include the “something you know” factor (e.g., a password) and the “something you have” factor (e.g., a one-time passcode sent to your smartphone or provided via a token).
While authentication is the process by which a computer validates the identity of a user (e.g., with a username and password), Multi-Factor Authentication adds an additional layer of protection and security against one of the most common types of breach—compromised credentials.
Without the added layer of security through Multi-Factor Authentication, it is more difficult to truly verify that the user who accessed the system is who they say they are because passwords are still very easy to guess, crack, or steal.
What are the Benefits of Multi-Factor Authentication?
Implementing Multi-Factor Authentication for all users of an organization is one of the most effective ways to prevent unauthorized access to sensitive data. Multi-Factor Authentication, when implemented correctly, can be used to safeguard often overlooked points of authentication, such as email and business applications. Without this extra layer of protection, an attacker can exploit an exposed email account or compromise a poorly protected application to gain access to additional user information—or even worse, use the compromise as a “foothold” to escalate privileges and gain superuser access to the entire environment.
An often-overlooked benefit of Multi-Factor Authentication appears when cyber criminals attempt to authenticate to an account that has Multi-Factor Authentication enabled and the targeted employee receives a second-factor request that he or she did not initiate. The employee, if trained properly, should recognize the compromise and report it to his or her IT department for resolution and further prevention.
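The same signal can be picked up from authentication logs without waiting for the employee's report. The following is an added example, not part of the original article: it flags logins where the password was accepted but the second factor was denied, timed out, or never answered. The event schema, event names, users and IP addresses are constructed assumptions, not the log format of any particular product.

```python
from collections import defaultdict

# Constructed sample events; the (time, user, source_ip, event) schema and the
# event names are assumptions made for this example.
SAMPLE_EVENTS = [
    ("2024-05-01T09:00:05", "alice", "198.51.100.7", "password_ok"),
    ("2024-05-01T09:00:20", "alice", "198.51.100.7", "mfa_ok"),
    ("2024-05-01T03:12:00", "bob", "203.0.113.50", "password_ok"),
    ("2024-05-01T03:12:30", "bob", "203.0.113.50", "mfa_denied"),
    ("2024-05-01T03:13:10", "bob", "203.0.113.50", "password_ok"),
    ("2024-05-01T03:15:30", "bob", "203.0.113.50", "mfa_timeout"),
    ("2024-05-01T10:00:00", "carol", "192.0.2.9", "password_failed"),
    ("2024-05-01T11:30:00", "dave", "192.0.2.44", "password_ok"),
]

UNCONFIRMED = {"mfa_denied", "mfa_timeout"}


def find_unconfirmed_logins(events):
    """Map each user to logins where the password was accepted but the
    second factor was not confirmed. Each hit means someone presented a
    valid password without completing MFA, so the password should be
    investigated as possibly compromised."""
    pending = {}                 # (user, source_ip) -> time the password was accepted
    alerts = defaultdict(list)   # user -> [(password_time, source_ip, reason)]
    for ts, user, ip, event in sorted(events):   # ISO 8601 strings sort by time
        key = (user, ip)
        if event == "password_ok":
            if key in pending:   # the earlier prompt was never answered
                alerts[user].append((pending[key], ip, "no_mfa_response"))
            pending[key] = ts
        elif event == "mfa_ok":
            pending.pop(key, None)
        elif event in UNCONFIRMED and key in pending:
            alerts[user].append((pending.pop(key), ip, event))
    for (user, ip), ts in pending.items():       # prompts still open at end of log
        alerts[user].append((ts, ip, "no_mfa_response"))
    return dict(alerts)


if __name__ == "__main__":
    for user, hits in find_unconfirmed_logins(SAMPLE_EVENTS).items():
        print(f"{user}: review {len(hits)} unconfirmed login(s): {hits}")
```

Failed password attempts (carol) are deliberately not flagged here, because the point is the narrower case where the first factor succeeded and only Multi-Factor Authentication stopped the login.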