
Multi-Factor Authentication and why it’s absolutely needed in your business!

20th August 2019 | posted by Andrew Sanchez

What is MFA?

Multi-Factor Authentication (sometimes referred to as 2-Factor Authentication) is an enhanced security feature which is offered by most online services.

MFA adds an additional layer of protection to an online account by requiring the user to authenticate multiple times via separate devices, which helps to prevent malicious sign-ins by criminals.

How does it work?

Whilst the process may vary from application to application, the underlying principles remain the same:

When signing into a service (e.g. email or filesharing) you will be asked to confirm a unique code from a separate source in addition to your usual username and password combination.

This code will only be visible on devices that have been pre-defined or registered on the account, such as a mobile phone or segregated password application.

Ultimately, this means that if someone gets hold of your username and password, they will not be able to gain access to your account unless they also have access to your trusted device.

Is it really necessary?

SMEs without MFA enforced on all web services are at a much higher risk of being successfully targeted by cyber criminals.

The key question is, what harm could a malicious person cause if they could successfully impersonate me or one of my employees?

Successful hacks can cost SMEs thousands of pounds and unfortunately are becoming increasingly regular across industries. With GDPR and other regulations, the reputational damage caused by these crimes can be hard to calculate.

Enforcing MFA substantially reduces the risk of such hacks occurring.

Why are my online services not secure without enforcing MFA?

If you do not have MFA enforced, all a criminal needs to gain access to your accounts (such as email) is your username & password.

These credentials can be obtained via a number of routes, including but not limited to:

Brute force attacks via password hacking algorithms

Sourcing them via major data breaches. These breaches occur fairly regularly and the illegal trade in this data is big business. In early 2019 for example, a database of 773 million usernames/passwords was made available on the dark web. (More details here)

They simply ask for them – phishing emails and fake web pages are the simplest and most effective routes to gaining these.

Will MFA impact users once it is enforced?

When configured correctly, MFA soon becomes part of normal operating procedure and in our experience, users adapt quickly with minimal disruption.

Here are some things to bear in mind when considering the impact of MFA on your end users:

In most cases, you will only be asked for your MFA code if you are signing in on a different or new device or after a specific time period (usually 30 days)

Using the mobile app version to complete your MFA (such as the free Microsoft Authenticator application) removes the requirement for an active network/Internet connection

Password management applications such as 1Password incorporate this feature and generate the codes automatically in the same way that they store your passwords

The verdict

By choosing not to take advantage of MFA for your online services, you are leaving your business highly vulnerable to a very common and costly type of cybercrime.

It is usually free and straightforward to activate, causing minimal disruption when configured correctly. The initial rollout is something you should work with your IT partner on to ensure it is delivered smoothly and switched on across all existing accounts.
Internal processes should then be updated to include MFA enforcement for any newly created accounts.

If you would like to discuss this further, please contact the Moof team – hello@moof-it.co.uk
