
Beyond Passwords: The Importance of Multifactor Authentication 


For decades, organizations have used passwords as a way to authenticate users before they access the services hosted on the company network. Today, though, companies rely much less on the internal network and much more on services hosted on the internet, such as Office 365, G Suite, Zoom, Salesforce and more. These web-based services provide new opportunities and threats for password security.

These services are hosted in the cloud, enabling employees to access them from anywhere, on any device, as long as they have the right credentials. While this way of working is excellent for productivity and collaboration, it presents a host of security issues, as many employees have poor “password hygiene” practices, which make them a prime target for cybercriminals trying to access your data.

In recent years, cyber attackers have used stolen, phished, or easy-to-guess passwords to break into these services and to exploit organizations, launch ransomware attacks, or steal sensitive information. The ransom payments demanded by the attackers have increased dramatically, and so too has the frequency of these attacks.

Hackers have figured out that small and medium businesses are easier to penetrate and less likely to have protections in place to allow them to recover without paying a ransom, making them ideal targets for these kinds of attacks. 

Why passwords aren’t enough anymore

Data breaches are an unfortunate fact of life today for individuals and businesses alike. Every week, it seems more people’s information has become embroiled in a cyber-attack or mass data leak. Gradually, more sensitive information is ending up on the dark web, where hackers can purchase it and then use it as the basis for password-based attacks.  

In fact, research indicates that password compromise is the root cause for over 80% of breaches. One reason why stealing passwords works so well is that many people re-use the same password across multiple sites and services, essentially making it a “master key” for an individual’s online life.

If your organization only relies on passwords for authentication, then you could be an easy target for hackers. Breaking into your company is all too easy; all they need is one leaked or easy-to-guess password.  

This is why passwords aren’t enough anymore. You need an additional method of authentication: multi-factor authentication.  

What is Multi-Factor Authentication? 

Multi-factor authentication (MFA) is a verification mechanism that requires users to identify themselves in at least two ways. Typically, the password is the first form of verification, but this needs to be accompanied by a second factor, such as:  

  • A PIN that is sent to the individual over text  
  • A security token that the user needs to connect to their device, like a USB key
  • Biometric information, like a fingerprint  
  • Verification via a separate app on their mobile phone  

MFA should not be required every time a user logs onto a cloud service, as this would quickly become frustrating and dampen the user experience. You can usually set it up so that it registers devices and “trusts” them, meaning it won’t ask for the extra factor every time. Instead, the second factor will only be required when a new device is used, or when a certain amount of time has elapsed since the last MFA-authenticated login.

We recommend that you implement MFA for high-risk activities such as transferring money, logging in from a new device, changing passwords or account details, or accessing or attempting to download highly sensitive information. This crucial extra layer of security can serve to protect your business from the range of cyberthreats it faces today.
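The trusted-device and high-risk-activity rules described above can be expressed as a small policy check. The following is an added example, not code from any particular MFA product; the 30-day trust window, the action names, the `Account` structure and the demo key are all assumptions chosen for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Assumed values for illustration; tune them to your own risk appetite.
MFA_MAX_AGE = timedelta(days=30)
HIGH_RISK_ACTIONS = {"transfer_money", "change_password",
                     "change_account_details", "download_sensitive_data"}
SERVER_KEY = b"constructed-demo-key"  # placeholder; load from a secret store

def device_fingerprint(device_token: str) -> str:
    """Store only a keyed hash of the device token, never the token itself."""
    return hmac.new(SERVER_KEY, device_token.encode(), hashlib.sha256).hexdigest()

@dataclass
class Account:
    # fingerprint -> time of the last MFA-authenticated login on that device
    trusted_devices: dict = field(default_factory=dict)

def mfa_required(account, device_token, action, now):
    """Return (required, reason) for this request."""
    if action in HIGH_RISK_ACTIONS:
        return True, "high-risk action"       # always step up, even if trusted
    last_mfa = account.trusted_devices.get(device_fingerprint(device_token))
    if last_mfa is None:
        return True, "new device"
    if now - last_mfa > MFA_MAX_AGE:
        return True, "trust expired"
    return False, "trusted device"

def record_mfa_success(account, device_token, now):
    """Call only after the second factor has actually been verified."""
    account.trusted_devices[device_fingerprint(device_token)] = now

def demo():
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed timeline
    day = timedelta(days=1)
    acct = Account()
    results = [mfa_required(acct, "laptop-token", "login", t0)]
    record_mfa_success(acct, "laptop-token", t0)
    results.append(mfa_required(acct, "laptop-token", "login", t0 + day))
    results.append(mfa_required(acct, "laptop-token", "transfer_money", t0 + day))
    results.append(mfa_required(acct, "phone-token", "login", t0 + day))
    results.append(mfa_required(acct, "laptop-token", "login", t0 + 31 * day))
    return results
```

The high-risk check runs before the device lookup so that a trusted device never bypasses the second factor for sensitive actions.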

Best Practices for MFA  

If you’ve traditionally relied on passwords alone to grant your users access to corporate resources, MFA will certainly be a big change. Here are some things to bear in mind to ensure a smooth transition.

Take a Holistic Approach 

You should implement MFA across all user accounts and services, including the cloud, VPN and on-premises applications. Taking a holistic approach, so that all of your company’s digital assets are secured in a consistent manner, is the best way to improve your security posture.

Provide A Variety Of Authentication Mechanisms 

Security must be carefully balanced with the user experience. Otherwise, your users could become irritated or face excessive inconveniences, which isn’t good for workplace culture. So, make sure that you consider a variety of authentication methods that suit your different users. We can help you to choose and deploy an MFA solution that supports your business and users alike.  


Hi, I'm Jesse and I look forward to speaking with you.

An IT Support partner that you can trust.

I’m proud of the team we’ve assembled and the service they provide to our clients.  It’s because of them that we’re able to make a positive impact in our clients’ businesses and the communities we serve.

Our clients run businesses that depend on technology to operate but don’t have the expertise in-house to manage all the aspects of their Information Technology.  Our unique service delivery model is focused on a business first approach whereby we seek to understand what you’re trying to achieve, and how technology can help you move closer to those goals.  I’d love to connect with you to talk about how we might be able to help you improve the Stability, Security, Strategy, and Supportability of your network.