Multifactor Authentication (MFA) is the best way to secure your company’s sensitive data and protect against would-be hackers. When done properly, MFA is not only a great way to secure data and your company’s insider information, but it is also simple and convenient. There are two top methods that employ the best security without causing unnecessary friction.
The first method of MFA is to use an identity provider. Three examples of identity providers are Okta, Duo and Google Authenticator. Using one of these providers, you set up your credentials via an app on your phone or some other recognized device. When you enter your credentials into your office PC, the provider you’ve chosen will send you a notification on your preset recognized device. If you’re the one logging in, the notification will be no surprise. You click “OK” on your device and you’re in. If you’re not the one logging in, then you’ll know that you’re being attacked. You can decline the notification to prevent access.
The second method of MFA requires the use of a hardware key. Previously this method used rotating fobs or RSA tokens that would display a code you entered on your computer. But now, hardware keys, like a YubiKey, are USB sticks with complex cryptographic signatures. It is a physical key that you carry with you.
A hardware key is registered with your identity provider, so when you plug it into your computer, your sign-on service detects that it’s plugged into the USB port. There are encryption algorithms and rotating codes built into the USB key that make it work as the second part of the MFA. Because you have the physical key, once you type in your username and password, you get right in, since the key is recognized as part of the multifactor. So one part is your credentials, and the other part of the MFA is the physical key.
Both methods are extremely easy to implement, and you do not have to be technical to do it. Many providers, like Okta, Duo and Google Authenticator, are built to make single sign-on protected and simple for companies. You don’t give your employees credentials for each separate system; you give them one set of credentials with multifactor authentication, and from there they can access all of your needed services in a secure manner. You know they’ve been authenticated, and doing it this way eliminates surface area that can be attacked.
There are many businesses that do not yet use multifactor authentication. This is largely due to misinformation and poor implementation, which cause unnecessary friction. When done properly using one of the two methods discussed here, MFA is incredibly easy to use, incredibly easy to implement, and is, by far, the best way to ensure that your company’s data is protected.