Certain businesses have taken a much closer interest in cybersecurity… those businesses being business insurance providers. Many will now only provide coverage if your business maintains certain cybersecurity standards. One key tool they want to see is multi-factor authentication, or MFA.
Let’s talk about what you need to be ready, and how Setton Consulting can help.
What is MFA?
Multi-factor authentication/MFA is a cybersecurity approach that adds more distrust to historically trust-based systems.
Most, if not all, of us are familiar with the username and password combination that has been used since networking was first introduced. Knowing the secret knock wasn’t enough; you also had to know the secret word to get in.
However, this system has always been somewhat easy to break. Someone could simply hide close enough to the door to hear the knock and the proper password, and today, cybercriminals have numerous means of capturing credentials. Phishing, keylogging, network snooping, and more have all been—and still are—used to steal access to resources.
MFA is used to fix that by adding another requirement far harder for someone to replicate or steal.
How Does Multi-Factor Authentication Work?
Multi-factor authentication is a relatively simple concept: it requires someone to provide extra proof that they are who they say they are.
Returning to our examples, someone presents an identity—who they are—as the username or secret knock. This tells the system that someone is requesting access. This identity must then be authenticated. Historically, this was the password, the factor used to prove that, yes, this identity was verified as having access.
Whether it was whispered to a guard or put into a password field, the idea was that this was enough authentication to provide access. However, with multi-factor authentication, more proof is required.
Before the door would be opened, someone also needed to be wearing a certain ring. Similarly, more proof is needed to authenticate an identity.
What Can Be Used as Authentication in Modern MFA Systems?
Today, this additional proof of identity, the multiple factors in multi-factor authentication, can take one of three forms:
- Something you know, like a password or passcode
- Something you have, like access to an account or application
- Something you are, like biometric data
Today’s technology gives us numerous options, some more secure than others, but the real focus should be that any MFA is better than no MFA… especially if it’s what prevents you from insuring your business.
Emailed Codes
This option may work well for your business, provided that you don’t mind having to check your email before you can log into your secured resource. Some platforms may only have this option, too. The idea is simple: when an attempt is made by a user to access the protected resource, an email is sent to that user’s email address that must then be provided.
SMS Codes
Similarly, some platforms will only offer this option despite its considerable downsides. We’ll get to those later. This idea is also pretty simple: a user requests access and a text message is sent to their phone with a code they must then provide.
Again, having MFA is better than not having MFA. However, we do have to acknowledge some downsides.
For instance, what happens if you are using SMS-based MFA and the phone tied to the account is lost or the user upgrades their device? What if someone decides to change their phone number? It may not happen very often, but it does. What if someone loses access to their email account?
Any of these situations can make MFA more challenging.
Authentication Applications
Various dedicated applications exist that are meant to assist with MFA specifically, such as Google Authenticator, Microsoft Authenticator, Duo, and others. By using a secure authentication app, all of your MFA codes can be generated from one secure place and accessed relatively easily by your team members as they need them.
If going the application route, you should always check that you can move your application between devices (which not all will allow) and that you can back up, as you can with the three we’ve mentioned: Google, Microsoft, and Duo.
We’re Here to Help You Keep Your Business Secure Enough to Be Insured!
Business insurance is not something to neglect, and frankly, if it helps make businesses inherently more secure, we’re all for it.
So, whether you want to learn more about putting MFA in place or have any other IT or cybersecurity questions, we’re ready to talk. We work with businesses around NYC to ensure they can use technology as the tool it has always been intended to be. Give us a call at (212) 796-6061 to learn more.