Technical Support    (855) 512-4817    EMAIL US
blog-header.jpg

Our Blog

Why You Need Multi-Factor Authentication

Organization size is no longer a factor when it comes to data breaches. According to the Verizon Breach Report (http://www.verizonenterprise.com/DBIR/2015/) 95% of all web application attacks involved stealing the credentials of a user. This same report also showed that 2-Factor authentication could have prevented 24% of the incidents reported to Verizon. This is a big deal and there is no avoiding it. It is even affecting some of the largest financial and insurance companies such as JPMorgan Chase and Anthem. In both cases, stolen credentials led to over 80 Million records being leaked. Certainly 2-Factor authentication isn't the silver bullet we all would like but the data shows that it can help prevent your credentials from being stolen by making it harder and more expensive for bad actors to steal your data. 

 

What types of attacks can it help protect against?

  • Phishing attacks
  • Social engineering attacks
  • Stolen Credentials
  • Login account Denial of Service

 

What can you do?

 

Forgetting-Curve.jpg

 

 

It's no secret that multi-factor authentication has been a real hindrance on usability in the past. No one likes carrying around hardware token or an ID card in addition to the things we they already carry with them. The good news is that multi-factor authentication has come a long way. When evaluating your options there are some features you should look for that will ease both the deployment and the user acceptance of the solution:

 

  1. It should work on as many platforms as possible: Your organization is bound to run many services, both in the cloud and on site, that require user authentication. Make sure it integrates with most of the solutions you already own.

  2. You can do better than codes: the best solutions utilize mobile and hardware platforms that can reduce the process to just pressing "Accept" on your cell phone or embed the process in hardware.

  3. Make sure there is an override: it is inevitable that employees will forget their phone, token, or not be near a phone and need to authenticate. Make sure there is an option to provide an override for authentication during those times of emergency.

 

An administrator should also keep in mind what type of intelligence you would like to gain about your network by using a MFA solution. Location information, frequency of second factor challenges, and if the mobile phone providing the MFA services has encryption or is rooted. All of these will lead your business to a better secured environment. 

 

What's New in MFA?

 

As you may know the 6th Generation of Intel's Core vPro processors (code named SkyLake) has some game changing features being shipped. Notably, Intel's Authenticate solution will introduce hardware-based multi-factor authentication embedded in the processor. It was designed specifically for Windows 10, however, it can be enabled in Windows 8 as well.

 

What in the world does that mean and why do I care? 

 

 

Authenticating-Factors.jpg

 

 

The solution described above creates a user context that is aware of more than just a user's password and authenticates using many other factors such as location, proximity, etc. for a more robust access model. Why is this something you should care about? It means that multi-factor is becoming part of the hardware you use to conduct business and it is no longer something bolted on by a third party. Authentication data is now held local and can be controlled tightly by IT policy which greatly improves security and the experience of MFA. This method will increase the amount of time and effort it would take for an attacker to steal or control the authentication process. 

 

 

Some Useful Links:

multi-factor-authentication.jpg
Matt Fusaro

Written by Matt Fusaro

0 Comments

    Subscribe to Email Updates

    Tags

    see all