Multi Factor Authentication - Do I need it?
You’ve probably heard, and maybe been offered Two or Multi Factor Authentication (TFA/MFA) on websites, but what does it actually do? Put plainly, it’s a way to be prompted to confirm identity when logging into a website.
OK great, what does this actually mean and what can it do for me?
We do everything on-line these days, shopping, banking, staying in touch, and more importantly business, and with each of these activities we are opening ourselves up to the less desirables on the dark web. So the better companies out there offer MFA to their customers to help make sure it’s you when using their services.
So how does it actually work?
When signing up for services such as Microsoft 365 or Google Gsuite, you are always asked for annoying secret questions and a phone number. This is not just the software companies being nosy and tracking your every move, it forms another level of security. If one of these companies spots a weird login attempt, you could be prompted to answer a question, a prompt on your phone, or enter a six digit code sent via SMS. These codes can be generated through a free app, if this has been set up. Hence using multi factors to assure your identity.
Can I enforce this for my business?
The plain and simple answer to this is “Yes!”. Whether you’ve aligned your company with Google Gsuite or Microsoft 365, policies can be put in place to enforce all your staff to use MFA to login to your domain. Google even has something as simple as a phone prompt when trying to login.
What happens if I want a more secure version?
As with everything, advances are being made in technology, and security is a huge consideration. There are products out there which are plugged into a USB slot and use fingerprints to gain access. These are a bit more complicated to manage, but give you piece of mind when it comes to who’s accessing your corporate data.
So to sum up, TFA/MFA is a good thing. Enable it, and use it whenever you can. There will always be that one time that you are prompted, and it’s not you or a member of your staff.
If in doubt, just ask!