Back to Basics – MFA

This, I think, is the next obvious place to go after a mini-series on passwords – MFA or Multi-factor Authentication.

So you have heard of MFA, but let’s clarify why it is a good idea.

I am not going to go into the technicalities of how MFA works – I have included a link below if you want to know how MFA works – I am going to talk about the benefits to you.

Compromised Credentials

However many articles are written, videos made, seminars given or policies and procedures issued, threat actors still get access to millions of credentials every day (Popescu, 2022).

91% of people know the risks of reusing passwords across their online accounts, but 66% do it anyway (LastPass, 2020).

One of those could belong to a senior person in your organisation, who thoughtlessly reused what they believed was a secure password for their Microsoft 365 account. Now when the hackers use their automated systems to see what Josephine@compromised.co.uk using password cloCk43sciSsors65beLl$$ will open, they will get into her M365, even though the credentials were stolen from www.smalllocalshoponline.co.uk.

Everyone must use MFA

MFA comes to the rescue…

…when the hacking machine tries the credentials on M365, Josephine gets an alert on her phone whilst watching TV with her family. She knows she is not working, so she declines the request for access. Hacker thwarted, information safe.

…of course your policies and procedures tell the user what to do next…

There are cyber security consequences for the above scenario. If your password policies and procedures do not include mitigation for this, now is the time to call us.

Next Time… More on MFA

Having talked about the benefits of MFA, next we will look at why MFA is not the perfect solution.


Clive Catton MSc (Cyber Security)

References

Popescu, V. (2022). How many passwords are hacked every day? Windows Report – Your go-to source for PC tutorials. https://windowsreport.com/how-many-passwords-are-hacked-every-day/

LastPass. (2020). 2020 password security report: Password hygiene reduces security risk. https://www.lastpass.com/resources/ebook/psychology-of-passwords-2020

Further Reading

The Password Mini-series – CyberAwake

…or in this case watching. This video includes a look at the MFA security of the US’s nuclear football!

Why You Should Turn On Two Factor Authentication – Tom Scott

Photo by Karolina Grabowska