How safe is MFA really?
Passwords alone are no longer safe enough; MFA is the solution. We have been proclaiming this for a while, as many others rightly do, and meanwhile we are busy implementing MFA at many companies. But how safe is MFA really?
What is MFA?
On our product page we explain extensively, in plain language, what MFA is and why you should use it. In summary: MFA stands for Multi-Factor Authentication and means that you have to confirm your identity in two or more ways before you can access anything.
MFA is gradually becoming the norm. For personal accounts, too, you will notice more and more that you are being encouraged or even obliged to sign in this way. Maybe you are still somewhat critical on this matter and wonder whether the technology is reliable or whether it is really necessary.
Long passwords are also insecure
Contrary to what used to be claimed – at the time rightfully so – long and complex passwords are also insecure. Of course they do a better job than “James123”, but with the computing power available today to everyone, including hackers, it is only a matter of time before your password is cracked in an automated way. Hackers also use social media to collect a lot of personal data, and this information can be used to try to recover or reset passwords. In addition, we collectively reuse our (complicated) passwords across multiple accounts, because it is difficult to memorize many hard-to-remember passwords. Once that one password has been found, it is a piece of cake for a hacker to start abusing those other accounts as well, even if they use variations on that one password.
There are databases of hacked credentials that are offered on the dark web, and there is a good chance that one of your accounts is in them. You can check this for free with the WatchGuard tool Free Dark Web Scan Report. Via “Have I been pwned?” you can also check whether your e-mail address or telephone number is included in such a database.
An additional factor that is separate from the password
This proves our first point once again: passwords alone are no longer secure. If we ensure that an extra step or factor, separate from the password, is added to the login process, we speak of two-factor authentication (2FA). We briefly explain some possible additional steps.
Our advice: a notification and/or cryptographic key
An even safer way is to confirm a notification on your smartphone when you want to log in somewhere. To tap the notification, you must have the smartphone in hand, which means that a hacker can’t do anything at all. A small disadvantage here is that your smartphone needs a working internet connection (4G/5G or WiFi) to receive the notification. However, this can be solved by using a cryptographic key: the app on your phone generates time-based codes locally, and you enter the code the app shows during the login procedure. This method is extra safe, as no code is sent over the network that third parties could intercept.
This combination is also the method that we recommend to our customers. It is very easy to implement, does not require a large budget and is very user-friendly. And most importantly, all employees get secured access at once.
Stay on the lookout for human errors
Despite all the implemented IT security, it still often happens that an employee clicks on a wrong link and thereby opens a malicious attachment or, worse, enters payment and login details on a rogue website. That is why it is very important to make your employees aware of the techniques used to deceive people. Here too, K-Force can help.
Finally: MFA implemented in the correct way gives a huge boost to account security in all cases, and it rules out almost all automated attacks.