In this third part of my MFA mini-series, I am going to look at some of the resistance that we get when trying to implement multi-factor authentication.
MFA – It is like medicine that tastes bad
In the first part of this series, I briefly explained the highlights of why MFA is a key part of any cyber security. Your own personal one-time-password (OTP) between you and the hackers. That extra security if your credentials have been compromised. So you would think everyone would be flocking to set it up…
Well no. MFA is like bad tasting medicine, you know it is going to do you good but you do not like it. Or better still MFA is the wholemeal bread when you are asked if you want your bacon* sandwich on white or wholemeal bread – you are going to order the white bread but you know the wholemeal is better for you.
People just do not seem to like MFA and this is confirmed by our support team. When they are on the ground implementing MFA there are always complaints and excuses why users do not want to use it.
This is a problem I have had to solve.
Some ideas to make MFA an easier fit
Here are my three top things to make MFA work for you.
Get the buy-in of your team
Explain how this will benefit the organisation but illustrate it by showing how MFA secures their Amazon account. This is usually done pre-rollout.
Explain the App
Most of our clients rely on the authenticator app installed on the user’s personal phone, so accept either Google’s or Microsoft’s authenticator app. Relating your cyber security to their cyber security will help convince them to install an app for you on their phone.
Training
Demonstrate and write down the “how to”. Make sure that MFA help is always available. Remember you need this essential security step to work all the time.
One more thing about MFA…
No matter what happens never turn off MFA for systems such as your Microsoft 365, even for just one person, no matter what the excuse is.
Next
I am taking a break from writing for Cyber Awake until the New Year. I have written over seventy articles here, as well as the Wednesday Bit I write for Smart Thinking and articles for Octagon Technology. I think a break from witing these posts will allow me to come back in 2024 ready to better help you understand the cyber security threat landscape and what you need to do about the threats and risks.
Have a Happy Christmas and New Year.
Clive
Clive Catton MSc (Cyber Security) – by-line and other articles
* Insert vegan, veggie or other meat filling of your choice here.
Further Reading
Move away from text- or voice-based multi-factor authentication
The Wednesday Bit | Smart Thinking Solutions
A Geek Present for Christmas 2023 | Octagon Technology
Photo by Andrea Piacquadio