How safe is MFA really?


Passwords alone are no longer safe enough; MFA is the solution. We have been proclaiming it for a while, just as many others rightly do. Meanwhile, we are busy implementing MFA in many companies. But how safe is MFA really?

What is MFA?

On our product page we explain extensively, in plain language, what MFA is and why you should use it. In summary, it stands for Multi-Factor Authentication and means that you have to confirm your identity in two or more ways before you can access anything.

MFA is gradually becoming the norm. For personal accounts, too, you increasingly notice that you are encouraged or even obliged to sign in this way. Maybe you are still somewhat critical of this and wonder whether the technology is reliable or whether it is necessary to use it.

Long passwords are also insecure

Contrary to what used to be claimed (rightfully so at the time), long and complex passwords are also insecure. Of course they do a better job than “James123”, but with all the computing power available to everyone today, including hackers, it’s only a matter of time before your password is cracked in an automated way. Hackers also use social media to collect a lot of personal data, and this information can be used to try to retrieve or reset passwords. In addition, we collectively reuse our (complicated) passwords for multiple accounts, because it is difficult to memorize many hard-to-remember passwords. Once that one password has been found, it is a piece of cake for a hacker to start abusing those other accounts as well, even if they use variations on that one password.

Databases of hacked credentials are offered on the dark web. There is a good chance that one of your accounts is in such a database. You can check this for free with WatchGuard's Free Dark Web Scan Report tool. Via “Have I been pwned?” you can also check whether your e-mail address or telephone number is included in such a database.

An additional factor that is separate from the password


This proves our first point once again: passwords alone are no longer secure. If we ensure that an extra step or factor is added to the login process, which is separate from the password, we speak of two-factor authentication (2FA). We briefly explain some possible additional steps.

Email

With some methods, you will receive a code via email after you have entered your password. Safe in itself, you would think. But we just showed that accounts with passwords are easy to hack. It is therefore not difficult for a hacker to also gain access to your mailbox. So we do not recommend using this method.

Text message

This system is already much safer. You log in, receive a text message with a code and enter it. The extra authentication factor is linked to your phone. That is a unique device that you have in your hand. A hacker on the other side of the world doesn’t have access to it. However, it is not a perfect method. There are several ways to intercept text messages, although this is not easy.

Our advice: a notification and/or cryptographic key

An even safer way is to confirm a notification on your smartphone when you want to log in somewhere. To tap the notification, you must have access to the smartphone, which means that a hacker can’t do anything at all. A small disadvantage is that your smartphone needs a working internet connection (4G/5G or WiFi) to receive the notification. This can be solved by using a cryptographic key: pre-generated time codes. You enter the code that the app creates during the login procedure. This method is extra safe as nothing can be intercepted by third parties.

This combination is also the method that we recommend to our customers. It is very easy to implement, does not require a large budget and is very user-friendly. And most importantly, all employees have secured access at once.

Stay on the lookout for human errors

Despite all the implemented IT security, it still often happens that an employee clicks on a wrong link, and by doing so opens an insecure attachment, or worse, enters payment and login details on a rogue website. That is why it is very important to make your employees aware of the techniques used to deceive people. Here too, K-Force can help.

Finally: MFA implemented in the correct way gives a huge boost to account security in all cases and you can almost exclude any automated attacks.
