Is Your Company Secure Without MFA?

Is your company secure without multi-factor authentication (MFA)? Well, if you’re only leveraging traditional passwords… then probably not. 

With so many systems and applications in use today, end users often create simple passwords that are shared across multiple IT resources. Bad actors are well aware of this, which is why compromised user credentials are a common method of attack. 

Fortunately, enabling MFA throughout your network is easier than ever before. Let’s take a closer look at how MFA can benefit your organization. 

What is Multi-Factor Authentication?

MFA is enabled when users need more than just their username and password to gain access to a particular IT resource (e.g., systems, servers, applications, networks). MFA leverages multiple authentication factors such as passwords, hardware tokens, smartphone apps, biometrics, time, and location. 

With MFA for applications enabled, for example, a user would need to input their core credentials in addition to a secure MFA token to authenticate and gain access. As a result, a bad actor would need to compromise the core user identity in addition to a secure MFA token (which is separate from the user identity) to gain access to the user’s apps, in this use case. 

How Secure is MFA?

Many IT admins believe that MFA is the most secure authentication add-on mechanism, and with good reason too. TOTP keys and hardware tokens stop the vast majority of phishing attempts and bot attacks. 

Additionally, Symantec argues that 80% of the data breaches in recent years could have been prevented with MFA. So, instead of wondering if your company is secure without MFA, a better question would be how to enable MFA. 

How to Enable MFA

While there are plenty of MFA mechanisms available today, most IT organizations leverage the core user identity in addition to a hardware token or smartphone TOTP (time-based one-time password) key as the second factor. For this use case, a user enters their password and a numerical code from a secondary method such as a smartphone, app, or hardware token from YubiKey.
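To show what the server does with the password and the numerical code, here is an added example (not from the original post or from JumpCloud) of a login check that verifies both factors, using TOTP as specified in RFC 6238. The `Account` class, its field names, the PBKDF2 parameters and the one-step drift window are assumptions made for illustration; the key is the published RFC 6238 test key.

```python
import hashlib
import hmac
import struct

RFC6238_KEY = b"12345678901234567890"  # published RFC 6238 test key, not a real secret


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) with RFC 4226 dynamic truncation."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Account:
    """Hypothetical server-side record: password hash plus TOTP secret."""

    def __init__(self, password: str, totp_secret: bytes, salt: bytes):
        self.salt = salt
        self.pw_hash = self._hash(password)
        self.totp_secret = totp_secret
        self.last_step = -1  # highest TOTP time step already accepted

    def _hash(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def _check_code(self, code: str, now: int, window: int = 1) -> bool:
        current = now // 30
        # Accept the current step plus/minus `window` steps of clock drift.
        for step_no in range(current - window, current + window + 1):
            if step_no <= self.last_step:
                continue  # this step's code was already used: block replay
            expected = totp(self.totp_secret, step_no * 30)
            if hmac.compare_digest(expected.encode(), code.encode()):
                self.last_step = step_no
                return True
        return False

    def login(self, password: str, code: str, now: int) -> bool:
        # Check the code only after the password matches, so a wrong password
        # never consumes a valid code; the caller gets a single pass/fail.
        pw_ok = hmac.compare_digest(self._hash(password), self.pw_hash)
        return pw_ok and self._check_code(code, now)
```

Because the second factor is derived from a secret stored separately from the password, a stolen password alone fails `login`, and a code that has already been accepted is rejected if it is presented again.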

Historically, this type of setup (Read more…)

*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Vince Lujan. Read the original post at: