Why is Multi-Factor Authentication Necessary?

Managed security services are forever evolving to ensure user security against online threats and attacks. Maintaining our privacy, and the privacy of our most sensitive data, is a priority for individual users and business networks alike, and understanding where we are falling short is essential to data security and to remaining safe from costly and damaging breaches.

While every one of us has used – and continues to use – passwords to keep our online accounts safe from malicious attacks, it is ever more clear that single-factor authentication is not effective against modern cybercrime techniques. Even a strong password is invalidated when it falls into the wrong hands, unless there are additional categories of credentials in place to protect an account.

Read more about the value of installing multi-factor authentication for safe data management, and why passwords should not stand alone.

Why Are Passwords Insufficient?

Passwords have been the mainstay of online security since the introduction of the World Wide Web, yet in recent years it has become increasingly clear quite how limited they are when it comes to protecting our sensitive and personal data.

Due to progressively sophisticated methods employed by cyber criminals, and an element of user complacency online, mere password protection renders users vulnerable to attacks. While there are many methods for discovering or stealing passwords available to cyber criminals, here are some of the most common techniques that prove successful against single factor authentication.

Credential Stuffing

Many people are in the habit of reusing their usernames and passwords for the login pages of various sites. While this may seem a far more efficient option than memorising a variety of credentials, it renders us far more vulnerable to online attacks. In many large-scale security breaches, hackers will steal a wealth of data pertaining to that website’s client base, and sell it on to others, who will then attempt to “stuff” those same credentials into the login pages of other websites. If you do not use multi-factor authentication, then they will be granted access to your private accounts through the use of your password alone.

Phishing

A simple and lucrative option for hackers, phishing is thought to account for 90% of data breaches and 0.5% of all inbound emails. As with credential stuffing, there is an element of human error involved in a successful phishing attack, wherein a hacker will send an email under the guise of a trusted website or service such as a bank, or a person. They will typically request some form of personal information, such as a password, and direct the victim to a ‘doppelgänger’ site, where they will feel secure enough to input their personal data. Typically, a phishing email will reveal itself through poor spelling, factual mistakes, or an unprofessional email address, but increasingly sophisticated tactics can make it far more difficult for employees to recognise illegitimacy before it is too late.

Keystroke logging

Some forms of malware are capable of recording the keys struck on the victim’s keyboard. In this way, data can be harvested from anyone using the computer, and each time they input any private information – such as a password – it is logged with a third party. While it is certainly rarer than credential stuffing and phishing attacks, it offers another instance of the insufficiency of passwords in a modern, online environment.

How Can Multi-Factor Authentication Help?

Effective managed security services will establish an approach that anticipates, and arms against, worst case scenarios. For anyone who falls victim to an online attack, the strength or obscurity of their password does not have any impact on the consequences. In other words, if simply possessing a password is enough to gain access to a victim’s sensitive data, then simply addressing the strength of a password will have no bearing on their future online security.

Multi-factor authentication, on the other hand, introduces additional ‘layers’ of protection between the user and potential online threats. The most common categories of credentials – in addition to ‘something you know’, e.g. a password – include ‘something you have’, such as a smartphone or key fob, and ‘something you are’, which can include a fingerprint, or facial recognition software.

With these additional categories of credentials, even if a user’s password is compromised, a cyber attacker will still be unable to access their account with the password alone. While password protection should remain an integral part of your managed security services, it is not the be-all and end-all; the additional factors ensure that the user, their data, and the company network at large remain much safer against online threats.
