By Arturo Romero, Senior Security Engineer, Scantron Technology Solutions
Let’s consider a basic item that increases overall security of your accounts where available: multi-factor authentication (MFA). MFA requires users to authenticate via multiple methods to ensure that the person logging in is indeed the intended user.
MFA contrasts with the more traditional login requirements of a simple user name and password. It does that by adding in a requirement to provide another piece of information to authenticate. MFA encompasses these items when authenticating:
- Something only the user knows
- Something only the user has
- Something only the user is
So now that you know what MFA does for you and how it works, what types of attacks does MFA stop?
- Credentials lost through phishing campaigns, such as the ones asking you to update your info or your account is going to be closed.
- Password spraying, which is where a common easy password is used against multiple accounts to see if it works such as “password1234” or “qwerty123.”
- Credential stuffing, which is where a hacker purchases a database of credentials then tests the database to see whether there are any reused credentials within your organization.
Ultimately there is one important stat that you should take into account on why you should use MFA when available. MFA alone stops 99.9% of automated password attacks. That’s massive in terms of a level of protection you don’t see in many other security mechanisms. It’s time to enable MFA right now wherever you can.