Most people do not create complex passwords on their accounts, but instead do the bare minimum. Not only that, but they use similar passwords across multiple websites. Attackers know this and take advantage of it by finding ways to guess or phish for these passwords.
If you are not familiar with the term “phishing,” it is when someone creates a fake email with the intent of capturing your login information. This email is oftentimes created to look like it was sent from your boss or a co-worker, and typically contains an attachment or link they want you to click on. Once you do, malware is downloaded onto your device with the task of retrieving your credentials. This information can be used in various ways such as stealing valuable data or using your accounts to commit crime.
So, what is the solution? You can enforce complex passwords in the workplace, but how effective is that? How do you know that the employees will not use the same passwords for non-work-related applications and websites – exposing your company to potential threats? The simpler and more effective approach is to implement multi-factor authentication.
What is Multi-Factor Authentication?
Multi-factor authentication, or two-factor authentication (MFA or 2FA), is simply another layer of security that is required when accessing your accounts. Instead of just entering your password, you are required to present a second piece of evidence that proves it is truly you that is logging into your account. The evidence falls into the following categories:
- Something you know
- Something you have
- Something you are
Something you know would be a password or a PIN. Something you have would be another device. Something you are would require a fingerprint or facial recognition.
In 2019, Google teamed up with researchers from NYU and UCSD to construct a yearlong study investigating the impacts of MFA on wide-scale attacks and targeted attacks. This study concluded that “an SMS code sent to a recovery phone number helped block 100% of automated bots, 96% of bulk phishing attacks, and 76% of targeted attacks.” Given these statistics, it is clear that MFA/2FA is effective when it comes to preventing the vast majority of threats and should be essential in the workplace.
There are several multi-factor authentication services out on the market. Here at Corporate Technologies, we recommend using Duo. Duo is a service by Cisco that allows companies to install multi-factor authentication for their individual computers and software applications. There are many benefits that Duo can provide you with, here are some of them:
- Significantly reduces the risk of hackers gaining access to your company’s information
- Quick; You can verify your identity in seconds
- Designed for companies/teams of any size
- Easy to set up and manage
- Increased productivity and flexibility
- Protect any application on any device
- Notifies you when an unknown device is using your login information
Still have questions? Feel free to reach out to us and we can discuss how Duo or other multi-factor authentication methods can be implemented at your company.
-Corporate Technologies Team
“When it comes to consulting and taking the stress of something we need and use everyday, hands down Corporate Technologies is the leader and walks you through the process and speaks in a language you can understand.”
Resources: Why Multi Factor Authentication is a Must, MFA, Back to Basics Multi-factor Authentication, 2-Step by Google.