Back to top

Why Multi-Factor Authentication is Important for You and Your Business

Caleb Pipkin

Complexity, uniqueness, and periodic change have long been the top best practices for passwords, but new recommendations have led to changes around password policies.

Passwords were supposed to fix authentication. Instead, they have become a source of significant problems. Users continue to choose weak or simple-to-guess passwords and reuse the same passwords on multiple services. How many times have you tried to set a password just to find out that it is missing a capital letter or number?

To catch you up on the current state of password complexity requirements, here is a list of some things you should not be doing when it comes to creating passwords:

  • Eight-character passwords aren’t enough. We are moving into a territory of regulations wanting 16-character passwords or passphrases.
  • Complexity is important, don’t use dictionary words or typical character substitutes.
  • Don’t change your password by adding consecutive numbers. For example, Elephant1, Elephant2 etc.
  • Don’t use the same password for everything. Use password management tools like LastPass or Dashlane to help remember your passwords, and protect the tool itself with MFA.

Arguably, even strong passwords are not enough for protecting most sensitive information. Adding a second layer of protection, such as multi-factor authentication (MFA) will help keep you and your organization more secure. A true multi-factor authentication (MFA) will require at least two mechanisms from different methods. For example, an ATM card has an MFA. Your card is your first level of authentication and the second is your PIN, you can’t withdraw money without typing in your PIN.

Today, most MFA solutions can be deployed by using either apps or SMS on mobile devices running iOS or Android.  When using MFA for a website, the user puts in their password, and the MFA system responds with a unique and temporary keycode, sent either via SMS or to the MFA app on the user’s phone. The user types in the code on the website, and gains access.  The passcode expires after a set period and can’t be reused.

It’s important to note that multi-factor authentication does not excuse weak passwords. Multi-factor authentication systems are an added layer of protection for your organization.

As for which multi-factor authentication system to choose, there are many options. The best course of action is to consult with your IT service provider or IT department to find a solution that will work with all your software and security systems that support MFA. If you have questions regarding what MFA solution would be right for your business, please contact our security experts today.