Why Multi-Factor Authentication is Important for You and Your Business
At the end of December, I wrote a blog post about the ever-increasing password complexity requirements. The security industry has been harping on the strength of passwords now more than ever. How many times have you tried to set a password just to find out that it’s missing a capital letter or number?
To catch you up on the current state of password complexity requirements, here’s a list of some things you should not be doing when it comes to creating passwords:
- Eight-character passwords aren’t enough. We are moving into a territory of regulations wanting 16-character passwords.
- Complexity is important, don’t use dictionary words or typical character substitutes
- Don’t change your password by adding consecutive numbers. For example, Elephant1, Elephant2 etc.
- Don’t use the same password for everything. Use password management tools like LastPass or Dashlane to help remember your passwords, and protect the tool itself with MFA.
Arguably, even strong passwords aren’t enough for protecting most sensitive information. Adding a second layer of protection, such as multi-factor authentication (MFA) will help keep you and your organization more secure. A true multi-factor authentication (MFA) will require at least two mechanisms from different methods. For example, an ATM card has an MFA. Your card is your first level of authentication and the second is your PIN, you can’t withdraw money without typing in your PIN.
Today, MFA can be deployed by using either apps or SMS on mobile devices running iOS or Android. When using MFA for a website, the user puts in their password, and the MFA system responds with a unique and temporary keycode, sent either via SMS or to the MFA app on the user’s phone. The user types in the code on the website, and gains access. The passcode expires after a set period, and can’t be reused.
It’s important to note that multi-factor authentication does not excuse weak passwords. Multi-factor authentication systems are an added layer of protection for your organization.
As for which multi-factor authentication system to choose, there are many options. The best course of action is to consult with your IT service provider or IT department to find a solution that will work with all your software and security systems that support MFA. If you have questions regarding what MFA solution would be right for your business, please contact our security experts today.