Keep Your Accounts Secure with Multifactor Authentication

Here’s how MFA works and why you need it.

Hand with a cellphone and computer
Office of the CISO

Multifactor authentication (MFA) relies on more than one type of authentication information. It consists of something you know and something you have. The first factor—something you know—is a user ID and a password, passphrase, or pin number. The second factor—something you have—typically is a physical token (RSA or YubiKey, for example), a virtual token application on your phone (Okta Verify or Google Authenticator, for example), or a one-time passcode delivered via email or text. To log in to a service or application successfully, you must present both factors to the application’s authentication service. This makes MFA a valuable security asset to leverage, personally and within your organization. Learn the true value of MFA to make recommendations to your team for staying cyber smart.

Why Is MFA Important?

Simple login and password authentication is still the most prevalent form of authentication used today. But that method is vulnerable to several security challenges, including password guessing, cracking, phishing, and other kinds of password attacks. Implementing a common multifactor authentication system mitigates many of these issues. If a password is exposed and MFA is not implemented, any user with the user ID and password can log in from anywhere at any time. With MFA enabled, that same exposed password used by a bad actor will be protected because, after the initial authentication, the user will have to present the second factor by entering the passcode or one-time password (OTP) that is generated and delivered to a legitimate second-factor channel. Bad actors lacking this second factor will not be able to successfully log in.

How Effective Is MFA for Security?

According to the U.S. national security advisor for cyber and emerging technologies, multifactor authentication can stop 80 to 90 percent of the cyberattacks happening today. That significant reduction of risk far outweighs the inconvenience of managing the second factor for day-to-day use. Considering sites such as https://haveibeenpwned.com/, which shows just how many accounts have been compromised in a massive number of breaches, it is clear that simple username and password authentication, no matter how complex the passwords are, is not enough. In short, MFA should be enabled on any account that supports it whenever possible.

Learn more about cybersecurity awareness with NETSCOUT.