In short, multi-factor authentication is at least two factors...
...something you know and something you have. So, a password you know and a device or biometric (face, voice and print recognition) authentication.
In today’s current climate, everyone and every organisation is a target, so we need to make strides to enhance security measures. Multi-factor authentication (MFA) is a simple way to add a layer of protection to the sign-in process. Rather than using one form of authentication to log in to your device, app or cloud storage, you are required to go through a second stage of authentication, such as a fingerprint or code on your phone.
Why should I use MFA?
If you only use one password to login or authenticate a user, it can leave you vulnerable to an attack. If that password is weak or has been exposed elsewhere, it is an easy entry point to your network by an attacker. When you are required to use a second form of authentication, security is significantly increased as this additional step isn’t something an attacker can easily obtain or duplicate.
With MFA, even if a compromised password is used, the attacker would be unable to gain access without either a code or fingerprint confirmation and the legitimate user would be notified of the attempted login.
Changed requiring MFA
Later this year, Microsoft will be taking the first steps towards mandating MFA by switching off basic authentication methods in Exchange Online. Once this is complete, ‘modern authentication' will become the standard for Microsoft’s online services. This will then allow Microsoft to begin to mandate MFA for all cloud services, which we believe will happen in the months following.
If you are considering obtaining a Cyber Essentials certification, under the new criteria, MFA is a requirement for all cloud accessed apps, therefore, you must have this in place beforehand.
What do you need to do?
How MFA can be implemented will depend on the complexity of your environment. So, it's important that you get in touch with experts to ensure it is implemented correctly. If you are ready to implement MFA, get in touch with us today.