Cybersecurity: the Importance of Using Multi-Factor Passwords

Mask Group 2

Do you remember when a simple username and password was enough to keep you safe from cyber attacks?

Sadly, those days are gone.

These days, it’s all too easy for passwords to be guessed, stolen, or sold to a third party leaving your accounts and your network vulnerable to hacking.

The use of Multi-Factor Authentication (MFA) has emerged as a way to cope with this growing cybersecurity challenge.

But how does it work exactly? And how could MFA help you protect your company?

Here is everything you need to know about Multi-Factor Authentication.


What is multi-factor authentication (MFA)? 

MFA is a system in which several different forms of identification are used to prove that a network user really is who they claim to be. 

Authentication factors come in three basic categories. One of these categories is knowledge; you prove your identity by using a password, PIN number, or correct responses to security questions. A second category is possession; you verify your identity with a keyfob, smart card, or even your own cell phone. And the third category of authentication factors is inheritance; fingerprint scans and facial recognition are good examples of this.

By requiring factors from at least two of these categories, it makes it more difficult for hackers to get in, even if they have managed to steal login credentials. While it may be relatively easy for a hacker to gain access to a password, or to security question answers, it’s much harder for them to steal other factors of authentication.


How does MFA protect your data and your organization? 

There are a number of ways that MFA works to protect your company and your data. Most importantly, it provides added security in the event that your employees’ passwords are compromised. Because passwords are so easy to steal, relying solely on these can leave your data vulnerable. 

MFA has the added benefit of providing protection for multiple accounts. Your employees use multiple apps and websites, and each of these require a separate login. Often, if the password to one of these accounts is hacked, it compromises other accounts, too. MFA gives you the peace of mind knowing that all your employees’ accounts for banking apps, social media, email and/or online shopping are safe from attack if a password is stolen.

Finally, MFA simply allows you to remain one step ahead of the hackers. We know that scammers are becoming increasingly sophisticated in the methods that they use. The simple security solutions we’ve used in the past won’t be enough.


How to implement good MFA practices with your employees 

By now, you’re convinced. But what about your employees? How can you get them to use good MFA practices?

First, be consistent. If you’ve made the decision to use MFA, be sure you use it for every account that your employees use. That includes your website as well as any data stored in the cloud. Using MFA with everything helps your employees understand that it’s important to you.

Another helpful tactic is to incorporate contextual MFA triggers, such as time and location, to minimize the number of barriers to user access. For example, maybe they don’t have to answer security questions as long as they are in a recognized location, like their house or the office. However, if they’re working in a public library, or in a hotel during a business trip, those security questions may be necessary.


Insurance considerations

Beyond its obvious protection of your network and data, multi-factor authentication is essential for most insurance policies.

It’s no secret that cyber attacks can cost businesses millions. These losses have ramped up dramatically in our post-Covid world where telework has become the norm rather than the exception. In this context, the simple cyber security policies of the past do not provide sufficient protection.

It has now become common practice in the insurance industry to require MFA for a cyber policy before even giving you a quote.

For this reason alone, MFA may not simply be a desired luxury for your business or organization, but an indispensable necessity.