Meet with an Expert
Meet with an Expert
Contact Us


Subscribe to Our Blog
Contact Us
Subscribe to Our Blog

Adding a Layer of Security with Multi-Factor Authentication

Ben Hayden
3/10/20 9:45 AM

Test1. 123456. password. These were three of the most commonly used passwords in 2019.

We've all seen these or other lists of passwords and have probably used some similar elementary-level passwords ourselves. They're convenient and easy to remember, but of course, this type of password is easy to guess. Just ask someone from your IT department.

We can go on for days about the dangers of using simple passwords, but let's focus on one area of security that has become a standard for many companies. Granted, you'll still want to strengthen your passwords, but we've incorporated this security protocol to help increase our security at Kingland.

Multi-Factor Authentication (MFA)
Password manager provider LastPass believes less than 60 percent of businesses use multi-factor authentication. Widely known as two-factor authentication, MFA goes a step further and uses three checks instead of two to verify your identity. For the purposes of this article, we'll use MFA as a catch-all.

Microsoft says that users who enable multi-factor authentication for their accounts will end up blocking 99.9% of automated attacks, according to an article in ZDNet. We're not suggesting that MFA is an elixir for potential security ails, but this can enhance your security efforts.

For Kingland, MFA has been a focal point for us and a requirement that we're addressing from a physical security and computing perspective. This is driven primarily by our usage of security measures that contain certificates that allow encryption/non-repudiation. Our customers expect MFA and customers/regulators expect non-repudiation. As an example we have implemented MFA to help protect our productivity applications and company data. All employees are required to set up and use MFA in order to validate their identity and access our tools. 

But it's a Nuisance
Usually when companies implement MFA, the IT department hears plenty of employees complaining about the extra steps it takes to access information, but it's a small price to pay for an additional security blanket. Google published a blog stating that the company teamed up with researchers from New York University and the University of California, San Diego to research the effectiveness of two-factor authentication. The results? In short, "receiving a secondary SMS code blocked 100 percent of automated attacks, 96 percent of bulk phishing attacks, and 76 percent of direct, targeted attacks - like those made by hired hackers. Using on-device prompts brings those numbers up to 100, 99, and 90 percent, respectively."

The security industry has developed several MFA methods that can be deployed. The short list includes:

  • Phone call - automated phone call to verify it's you
  • Biometric verification - confirming your identity using facial recognition or a fingerprint
  • SMS token - authenticator applications that can use text messages and may contain a pin number, for example, used to login and access information
  • Security questions - static or dynamic knowledge-based authentication that allows users to provide self-identifying answers, verifying user identity

Keep It Simple 
Using one password for multiple accounts is convenient for users ... and easy for hackers. TeleSign, an online identity security company, says 73 percent of online accounts use duplicated passwords. More than 50 percent of consumers use five or fewer passwords across their entire online life.

While this is alarming, educating employees about password security is important. Password best practices include the following:

  • Use password managers
  • Create a new password for every account
  • Apply password encryption
  • Create a strong, long passphrase (e.g., up to 64 characters, including spaces)

Simple, short passwords can open up a host of risks for corporate and individual security efforts. But by incorporating MFA, along with other security methods, you can significantly boost the assurance that unauthorized access to your information is being prevented.

You May Also Like

These Stories on Security

No Comments Yet

Let us know what you think