In a world riddled with cyber threats, any added layer of protection and authentication is far too important to overlook. So, what is the best way to effectively authorise your employees?
In the cyber security world, authentication means verifying that a person or device is who they claim to be - which is usually done with the traditional username and password combination (or, more recently, biometric identifiers). But one of the largest problems with using only one form of authentication is that an account is much easier to compromise than if you had added further methods of authentication.
Take a look at traditional user ID and password logins. End users often fall into the illusion that just a complex password is all that’s needed for protection. But, as we found out on a lot of occasions in 2017 - companies get hacked and login credentials get exposed. Simply put, a password alone is not enough.
Well, there's a range of options out there that are easy to use and are completely free - yet they're criminally overlooked. From two-factor to multi-factor authentication, these added layers of security can grant us extra peace of mind in a world riddled with cyber threats, yet many end users are still unable to even explain what these tools are (let alone use them).
Here, we delve into the most common forms of authentication and how they can add more protection to your business.
For end users, single-factor authentication (SFA) is simple and straightforward: no password, no access.
SFA is a process for securing access to a given system, such as a network or website, through only one category of credentials. The most common example of SFA is the simple password-based authentication. This relies on the diligence of the system administrator or user who sets up the account.
However, there are plenty of disadvantages. IT teams become overwhelmed when teaching individuals to use strong passwords and are stuck having to reset passwords whenever users forget them (which, as you no doubt know, happens a lot). When people get passwords wrong, systems sometimes fall back on security questions, such as “what's your mother's maiden name?” - information that's very easy for hackers to get a hold of (we have social media to thank for that one).
"80% of data breaches that occur could be prevented by using 2-factor authentication."
Two-factor authentication
They say that added convenience often damages the level of our cyber security. Well, in contrast, added security can certainly hamper our convenience. With two-factor authentication (2FA), the ultra-simplicity of logging into our accounts is (slightly) put at risk - meaning that many employees shy away from implementing it.
With 2FA, employees have to supply two distinct proofs of identity to gain access to the network. Usually, this includes both a password and physical control over a trusted mobile device. Take Twitter, for example, which asks you to enter your password and then wait for an SMS with a six-digit code to input. Only after both factors are completed is the user authenticated.
In nearly every case, two-factor authentication is an improvement over single-factor. However, one of the biggest concerns for businesses is that immediate access to a device cannot be gained when an employee's physical security is compromised, or when they simply don't have the device at hand. The common counter-argument is often along the lines of: “isn’t that sort of the point?”.
A step up from two-factor, multi-factor authentication (MFA) boasts even more levels of authentication. In most cases, MFA approaches will remember a device, so if you come back using the same phone or computer, the site remembers your device as the second factor. Depending on the nature of the organisation, the risk could outweigh the cost and multi-factor authentication may be preferred.
However, in all its multi-factor glory, there is a downside to MFA.
Multi-factor authentication can disrupt end users who may need to re-authenticate throughout their workday. The same trade-off applies as before: with every factor of authentication you add, you boost security, but at the cost of making your user experience worse.
Adaptive multi-factor authentication
MFA has the ability to be configured as “adaptive multi-factor authentication” (AMFA). So, instead of an employee always being asked to provide multiple authentication factors, the user will only be asked for an additional factor when necessary.
For example, a user logging into the corporate network from a corporate managed computer will only be asked to provide one factor of authentication - a password.
However, if a user is logging in from an unknown device on an unknown network, the user will be asked to provide multiple authentication factors. AMFA invisibly interrogates hundreds of factors, including behaviours, to decide whether there is enough of a match with a user's known profile to allow the user to access a site or service without requiring the user to enter any additional factors.
So, if your business is worried about damaging the user experience, AMFA can greatly enhance security without too much compromise to your employees' convenience.
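The decision described above - password only from a managed computer on the corporate network, extra factors from an unknown device or network - can be expressed as a small risk-scoring policy. This is an added example, not code from the original post or from any AMFA product; the three signals, their weights and the threshold are assumptions standing in for the hundreds of factors a real system evaluates.

```python
from dataclasses import dataclass, field

@dataclass
class Profile:
    # What is already known about the user (constructed sample fields).
    managed_devices: set = field(default_factory=set)
    known_networks: set = field(default_factory=set)
    usual_hours: range = range(7, 20)   # usual local working hours

@dataclass
class LoginContext:
    device_id: str
    network: str
    hour: int

# Illustrative weights and threshold, not taken from any product.
WEIGHTS = {"unknown_device": 40, "unknown_network": 30, "unusual_hour": 15}
STEP_UP_AT = 30   # score at which an additional factor is required

def risk_signals(profile, ctx):
    """List every way this login differs from the user's known profile."""
    signals = []
    if ctx.device_id not in profile.managed_devices:
        signals.append("unknown_device")
    if ctx.network not in profile.known_networks:
        signals.append("unknown_network")
    if ctx.hour not in profile.usual_hours:
        signals.append("unusual_hour")
    return signals

def required_factors(profile, ctx):
    """Return (decision, factors, signals) for one login attempt."""
    signals = risk_signals(profile, ctx)
    score = sum(WEIGHTS[s] for s in signals)
    if score >= STEP_UP_AT:
        return "step_up", ["password", "one_time_code"], signals
    # Close enough to the known profile: do not interrupt the user.
    return "allow", ["password"], signals

if __name__ == "__main__":
    staff = Profile({"laptop-001"}, {"corp-lan"})   # constructed sample data
    print(required_factors(staff, LoginContext("laptop-001", "corp-lan", 10)))
    print(required_factors(staff, LoginContext("phone-x", "cafe-wifi", 10)))
```

Returning the triggered signals alongside the decision lets each step-up prompt be logged with its reason, which makes the policy auditable and easier to tune.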
Conclusion
Cyber security attacks can deal a massive blow to a business, both financially and in terms of reputation. The cost of implementing 2-factor authentication or multi-factor authentication can be very small or sometimes even free. Simply implementing these authentication methods could save your business from a cyber attack. Here is an overview of what's discussed in this blog:
Single factor authentication
Two factor authentication