Securing Data with Multifactor Authentication

Posted inCloud, Security

Multifactor Authentication (MFA) is the best way to secure your company’s sensitive data and protect against would-be hackers. When done properly, MFA is not only a great way to secure data and your company’s insider information, but it is also simple and convenient. There are two top methods which employ the best security without causing unnecessary friction.

The first method of MFA is to use an identity provider. Three examples of identity providers are Okta, Duo and Google Authenticator. Using one of these providers, you set up your credentials via an app on your phone or some other recognized device. When you enter your credentials into your office PC, the provider you’ve chosen will send you a notification on your preset recognized device. If you’re the one logging in, the notification will be no surprise. You click “OK” on your device and you’re in. If you’re not the one logging in, then you’ll know that you’re being attacked. You can decline the notification to prevent access.

The second method of MFA requires the use of a hardware key. Previously this method used rotating FOBs or RSA tokens that would have a code you entered on your computer. But now, hardware keys, like a Yubi Key are are USB sticks with complex cryptographic signatures. It is a physical key that you carry with you.

A hardware key is registered with your identity provider, so when you plug it into your computer, your sign on service detects that it’s plugged in to the USB. There’s encryption algorithms and rotating codes built into the USB that makes it work as the second part of the MFA. But because you have the physical key, once you type in your username and password, you get right in because your credentials are recognized as part of the multifactor. So one part is your credentials, the other part of the MFA is the physical key.

Both methods are extremely easy to implement, and you do not have to be technical to do it. A lot of the providers like Okta, Duo and Google Authenticator are built to make single sign on that is protected and simple for companies. You don’t give your employees credentials for each separate system, you give them one set of credentials with multifactor authentication and from there they can access all of your needed services in a secure manner. You know they’ve been authenticated and doing it this way eliminates surface area that can be attacked.

There are many businesses which do not yet use multifactor authentication. This is largely due to misinformation and poor implementation which causes unnecessary friction. When done properly using one of the two methods discussed here, MFA is incredibly easy to use, incredibly easy to implement, and is, by far, the best way to ensure that your company’s data is protected.

About the Author

PWV Consultants is a boutique group of industry leaders and influencers from the digital tech, security and design industries that acts as trusted technical partners for many Fortune 500 companies, high-visibility startups, universities, defense agencies, and NGOs. Founded by 20-year software engineering veterans, who have founded or co-founder several companies. PWV experts act as a trusted advisors and mentors to numerous early stage startups, and have held the titles of software and software security executive, consultant and professor. PWV's expert consulting and advisory work spans several high impact industries in finance, media, medical tech, and defense contracting. PWV's founding experts also authored the highly influential precursor HAZL (jADE) programming language.

Contact us

Contact Us About Anything

Need Project Savers, Tech Debt Wranglers, Bleeding Edge Pushers?

Please drop us a note let us know how we can help. If you need help in a crunch make sure to mark your note as Urgent. If we can't help you solve your tech problem, we will help you find someone who can.

1350 Avenue of the Americas, New York City, NY