IT - MFA

In the midst of the coronavirus pandemic, many businesses are asking, or mandating, that office-based employees work from home

"Millions of employees who have been logging in from workstations on corporate networks are now logging in from home or elsewhere on public networks. Stronger authentication, and VPNs, that used to be required for a subset of employees at any given time now become the point of entry for your entire workforce. So what happens if your multifactor authentication (MFA) provider's infrastructure goes down? For organizations that deal with personally identifiable information (PII) and other sensitive information, having remote workers log in with only a username/password, even over VPN, is not acceptable. A critical piece of any MFA platform service is a high-availability configuration to ensure that authentication requests are processed if the infrastructure fails or parts of the network are overloaded..."

While robust passwords go a long way to securing your valuable online accounts, hardware-based two-factor authentication takes that security to the next level

"Being sensible when it comes to passwords is important, and a crucial step to securing your online life. However, some of your online accounts -- for example, your Google Account or Dropbox -- might be so important and contain such a wealth of information that you might want to take additional steps to protect it.

And there's no better way to secure your online accounts than to use hardware-based two-factor authentication (2FA). Security keys are easy to use, put an end to phishing attacks, cheap, and are less hassle and much more secure than SMS-based two-factor authentication. And the good news these days is that you can get security keys in a variety of formats, from USB-A and USB-C, Lightning for iPhone users, and even keys that use Bluetooth..."


Traditional password-and-username authentication can leave users vulnerable

"In 2010 Christopher Chaney, a celebrity obsessed cyber-stalker, got hold of a number of celebrity emails. Using data gleaned from social media and Wikipedia, he successfully guessed the passwords to over 50 personal email accounts belonging to famous women, including Scarlett Johansson, Mila Kunis, and Christina Aguilera. He had access to these accounts for almost a year, and he was responsible for posting nude photos of Scarlett Johanssen and several non-celebrity women. He has since been sentenced to 10 years in jail..."

See all Archived IT - MFA articles See all articles from this issue