Multi-Factor Authentication: An Extra Line of Defense Against Hackers

Have you calculated how much a data breach could cost your company? According to Microsoft, the average loss from a data breach is $4.2 million, but many breaches are far more expensive. Given those risks, you’ve got to implement the most up-to-date safeguards available. And at the moment, that means Multi-Factor Authentication, or MFA.

MFA is a simple enough concept: give the hackers a second, more challenging hoop to jump through before they can gain access to your website.

Commonly used MFA methods

The way MFA works is that after the user logs in with credentials, they must enter another form of authentication to make sure it’s really them. This redundancy usually follows one of three methods:

• Knowledge — The user already knows what to enter, such as a PIN, the answer to a security question, or which image to click out of an array. No one’s going to forget their mother’s maiden name, their first pet, or the name of the street they grew up on. But this category also includes the “Push” systems which send a one-time code in a text message or email for the final authentication.
• Possession — This refers to an object the user has in possession that completes the authentication process. Items include security tokens, USB drives, and smart chips embedded in credit cards. Also in this category are software-based security tokens from applications that produce one-time login codes.
• Inherence —  This process uses something that’s unique to you, such as a thumb print, retina or iris scan, voice authentication, facial recognition, or even the geometric configuration of your earlobes.

Lesser used methods include location and time-based authentication. For example, a person might log onto a website, which then tracks their position via their cellphone. Also, using a combination of location and time, a website could deny access to someone logging in from Miami, when it knows that person was in Tulsa 10 minutes ago.

There are a few more wrinkles that provide additional security and convenience, such as:

• Adaptive authentication — This system recognizes when a user is not logging in from their usual site and demands additional authentication on that basis. Log in from home, you’re clear. Log in from Panera, and we’re going to ask questions.
• Single sign-on — SSO is a processes of sharing authentication across various applications, so a user only has to log in once. Google uses this method across all of its various applications. Once you are logged into Google Drive, you automatically have access to Docs, Gmail, and Sheets. Few businesses have so many apps that this method is necessary.

What type of MFA is right for you?

This answer depends greatly on how your employees, clients or customers use your system. But certainly, some type of MFA is called for. You cannot risk a ransomware attack that would halt operations and compromise your proprietary information, or a breach and would put private data in jeopardy.

If you store personally identifiable information on your website, you have a legal duty to secure it using appropriate methods. What is judged to be appropriate evolves with the technology. Hackers are becoming more savvy, and so are industry defenses. If you fail to keep pace with security advances, and you suffer a breach, a court could find you negligent. But by using the best methods available, you can avoid crushing liability if a breach occurs.

Get an MFA program that’s right for your company and your users

At KMF Technologies, we are experts in information system security, serving a wide range of industries from construction to healthcare. We custom build plans that specifically fit our clients’ needs. Our solutions are scaled to your usage, so you never pay for features you’re not going to use. Call us to schedule a free consultation and get your business information systems protected and running smoothly.