In today’s digital age, protecting online accounts has become more critical than ever. With the rise of cloud computing, businesses and individuals alike are storing vast amounts of sensitive information online. While cloud services offer unmatched convenience and accessibility, they also present a significant target for cybercriminals. This is where Multi-Factor Authentication (MFA) steps in as a vital security measure.
By Chris Harris – Chief Information Officer
What is Multi-Factor Authentication?
Multi-Factor Authentication (also known as two-factor authentication or two-step verification) is a security process that requires users to provide two or more verification factors to gain access to a resource such as an application or online account. Instead of just asking for a username and password, MFA requires additional information – a second verification method, which could be a text message code, an email verification link, an application notification, a biometric factor or a hardware token.
Why is MFA important?
MFA is important because many of the online applications and services we now use are accessible from anywhere. That means anyone can try to log in to access those resources, and a password alone is not enough to secure access. Often such attempts come from ‘bots’ that run through thousands of dictionary passwords or use credentials that have been harvested in a previous breach. Without any second form of verification, access to such accounts can often be gained easily. However, when MFA is enabled, should the correct username and password be guessed, a further verification step is triggered and the account cannot be accessed until that verification is provided.
What do I need to do?
You need to ensure that in both your business and personal life you have enabled MFA where possible, and that you are aware of, and accept, the risks on those services you have not been able to secure. For any account with administrative permissions and accessible over the internet, MFA is non-negotiable – the risks are just too high.
Whilst many online services offer MFA as part of standard access, some require you to link with an external identity provider such as Microsoft or Google. However, there are still a surprising (and disappointing) number of applications that don’t offer this at all – if that is the case, then it’s time to look for a new provider of those services.
Educating your staff is vitally important so they understand why security measures such as this matter. Also ensure that MFA support is checked for in any new application that is being reviewed.
Whilst MFA is not a sure-fire way to prevent your account being accessed, it hugely improves security and is an essential feature in today’s digital age.
The NCSC guidelines offer further advice in a 2018 post (though still valid): Stepping up to multi-factor authentication – NCSC.GOV.UK
How we can help
At UHY Ross Brooke we take IT security very seriously. We offer impartial advice to increase your IT security posture as part of our IT Consultancy Services.
Get in touch today for a chat on how we can help.