Strengthening Your Online Defenses: Exploring Multi-Factor Authentication 🔒

Yoooooooooooooo🎆…How are my Security conscious people doing today? Today we will lightly explore Multi-Factor Authentication (MFA), one of the most talked-about security technologies today, and for good reason. Many people still don’t have it set up on all their devices/services 🙀…and it's generally a low-cost, low-resource, low-effort way to increase your overall IT security posture.

 

Based on the principle of “layered defense” ...why have one defense, when two would be better? MFA in its most basic sense provides a second checkpoint... redundancy minimizes risk...it allows one factor to fail, with hopes that the second factor will succeed. We will dive deep into layered defense in a future blog.

 

So, are we ready for this? Let’s begin!

 

What is Multi-Factor Authentication (MFA)? 

Imagine MFA as the secret handshake your accounts demand before they let you in. It's like pulling out both your passport and secret decoder ring to get through the virtual VIP entrance. 🔑 This process requires not one, but multiple forms of ID verification. The goal? Beat the bad guys! Make them cry!  🛑 They might have stolen your password, but unless they also stole your phone or other hardware MFA device, they will be stopped cold in their tracks.

 

Why is MFA Important?

Relying on passwords alone is not safe these days. Truth be told, simple passwords were never truly safe, as all passwords have the same mortal enemy: Time. Given enough time, all passwords will fail. 🌧️ Enter MFA: a one-two-three punch that stops them in their tracks! 💥 By slapping on an extra layer of verification or two – a code to your phone or a fingerprint high-five – MFA stops those cyber bad guys by making it super difficult to have all the pieces needed to successfully log in as you. 🔐

 

One factor is your password. The second factor can be an app on your phone…if you have a second factor in place, a bad actor would need both your password AND your phone to gain access. Not impossible, but it is highly improbable!

 

🤨So how do we get this bad actor kryptonite to protect you??!!🤨

 

Implementing MFA:

  1. Choose Services that Offer MFA:
    If some software, SaaS or otherwise, does not offer MFA, then use its competitor. 👥 Stick to platforms that have your back with this fortified security measure. If it doesn’t have MFA, and it holds sensitive data…then I personally would not use that service.

 

  2. Select a Second Factor:
    Think of it like picking your sidekick. Choose between SMS codes, authenticator apps (yup, like Google Authenticator, Authy, Microsoft Authenticator, etc.), biometric scans (fancy fingerprint reading devices), or hardware tokens (YubiKey or similar hardware devices). 📲 I recommend either a security hardware key or an app like Google/Microsoft Authenticator…SMS is better than no MFA, but recently has proven to be defeatable. SMS Multifactor is like the lawyer who came in last in their class. Indeed, it would be better than no lawyer, but its performance is super weak.

 

  3. Follow Setup Instructions:
    This isn’t the hardest quest in the world, but follow those setup instructions like they're the ultimate quest. A treasure awaits if you simply read and follow those details. Don’t skip steps.

 

  4. Backup Codes:
    🔐 I cannot stress enough the need for backup codes…Let us say your hardware key accidentally went swimming and the data is lost…you need a backup key someplace to help you get back in your account. I would save a physical copy someplace only you have access to...like a safe.

 

  5. Stay Informed:
    Regularly review the devices that have had access to your account and check the list of devices and apps that can access your accounts. It can be checked in the security area of your software. If you have a lurking device (a device you are not 100% sure is yours), send it packing. 🔄 Even if you accidentally remove one of your devices, you can easily log back in again...not the same for those bad actors out there. When in doubt, remove any device you are not 100% sure is under your control.

 

  6. Make it simple:
    Be aware of the choices you have in setting up MFA. 🔢 Why type in an endless list of numbers, when you can simply click yes or no? Making it simple to use will make sure you will use MFA correctly. If you cannot simply click yes or no, ask your admin if they can turn on that function for you or if it is on the development roadmap for the service you are using.

Wrapping Up:

So, there you have it, Security fam! Multi-Factor Authentication is like your most loyal knight and his best friend, duty-bound to make sure only the worthy cross the drawbridge to your digital castle. 🏰 If you haven't yet, please start slapping on MFA across your online landscape, and remember – in the realm of digital defense, why have one knight defending your castle, when two knights are twice as good? 🚀