Security professionals talk about MFA (multi-factor authentication) and 2FA all the time. You’d think, by the way it's portrayed, that it will solve all your security challenges. It does make a big difference in securing your organization, but what most security experts don’t talk about is how often it ends up being a huge source of frustration for your employees.
Having a solid MFA policy in place is the easiest way to boost your company's security posture.
What is MFA?
When someone starts talking about MFA, it’s usually related to logging into something, like a bank account, a computer, your VPN for work, or your email account. A password is one factor; each additional kind of proof you add to the login workflow is considered another factor.
The “factors” in multi-factor authentication refer to the kind of proof you present: something you know (a password) and something you have (a phone or a security token). If you’re using a phone that scans your face or fingerprint to unlock your laptop, that factor is a third kind: something you are. Biometrics are one of the highest-fidelity forms of authentication available, so we recommend you use them whenever they’re available. Plus, it’s (hopefully) harder to lose a finger than it is to forget a password. Not that we recommend you do either of those things.
Great. How does it keep my business safe?
Well-implemented multi-factor authentication policies add an additional layer of protection between your most valuable assets and criminals hoping to breach your security perimeter. They also keep your employees’ personal information safe and provide high assurance that they are who they say they are when trying to access company resources. Unfortunately, MFA is NOT a silver bullet that will solve all of your security woes. It will, however, make it a lot harder for bad guys to get into your stuff.
Here’s the catch. Only having to remember a password is easy. When multiple factors start getting added to employee logins, they make it harder to log in. Employees may get annoyed if they have to enter a password, then plug in a USB security token, then scan their face, and on and on. So how can we get the security benefits without employees getting locked out of everything every other day?
How to get the benefits of MFA without the headache
A well-implemented MFA strategy consists of a few things:
Understand your perimeter: What are you trying to protect? Are you trying to implement a policy where all employees need to access a cloud platform (like Google Drive) or an internal network? Understanding the need will help you decide how to stand things up.
Use an SSO solution that enforces it: A good SSO solution (Okta, Active Directory) achieves a few goals for us. It allows us to enforce policies like a minimum character count so users can't bypass them. It gives us a single source of truth so you don't accidentally have fired employees running amok in your network. And finally, it puts all of your company resources in one place, like a dashboard. This incentivizes your users to WANT to use your MFA solution.
Leverage a password manager: Your organization is using a password manager like 1Password or Keeper, right? :) Most modern password managers have features that allow users to add time-based one-time passwords (TOTP). The user can add their complex (hopefully 16 characters or more) password, username, and TOTP seed, and the password manager provides an MFA code when the user attempts to log in.
This sounds awesome, but I don’t have time to figure this out myself
You’ve got a business to run! We get it. Maybe you already know all this stuff, but you haven’t found the time to tackle your MFA project. Valar Security can support your project, no matter where you are as an organization. If you need a plan with detailed steps to follow, we can give you a plan. If you just want to know that it is taken care of, we can deploy MFA for you and give your internal team the reins from there.
If all you need is a quick call to ask a few questions and get some advice, we’re happy to chat and give you a few pointers too. You can shoot us a message here.