Twitter is once again back in our newsfeeds after the announcement that its free SMS multifactor authentication will soon be available only to blue-tick subscribers. We don’t have to look far back in Twitter’s history to understand the potential problems of using only password logins – the claim that Donald Trump’s Twitter account was hacked by Victor Gevers simply guessing the then-President’s password (Maga2020!) springs to mind.

So, Twitter’s removing it – but what exactly is Multi Factor Authentication and why does it make such a big difference to security? Does it really benefit UK businesses, and if so, how?

What is Multifactor authentication? 

Multi Factor Authentication, MFA, or even ‘two-step verification’ is a secure way to prove you are who you say you are when signing into an account. A ‘factor’ is one of the ways to demonstrate proof of identity; ‘multi factor’ simply means using more than one. And even if you don’t realise it, almost all online services now require multifactor authentication at some stage in their sign-in process. 

It’s the digital equivalent of being asked to bring both a form of ID and a bill addressed to you as proof of residency or identity. Online, it might look like being asked to prove it’s you not just with your username and password but with an additional verification.

What’s wrong with my password? 

There’s nothing ‘wrong’ with your password per se, and indeed, the traditional username and password combination often remains the first step in Multi Factor Authentication. However, as the digital world has advanced, so have the tactics of cybercriminals, and usernames and passwords no longer provide a strong enough level of cybersecurity.

To begin with, most usernames are easy to guess. Often, they’re simply a combination of your first and last name or your email address. Secondly, people have a tendency to pick easy-to-remember (and therefore easy-to-guess) passwords, and use the same password for most of their accounts. This leaves them vulnerable to attack.

Multi Factor Authentication examples

Multifactor authentication examples often centre around three themes. 

  1. Something you know
  2. Something you have 
  3. Something you are 

Something you know is most often the classic combination of username and password. Something you have could be an app on your phone, your email, or your phone number. This is what’s happening when you’re asked to input a code that’s been texted to your phone, click a link sent to your email, or even confirm in your banking app that it’s really you making a purchase. Finally, we have the more recent addition of something you are. Relying heavily on biometrics, this can be additional checks such as a fingerprint scanner on your phone or facial recognition.

What’s happening in all of these Multi Factor Authentication examples is the businesses on the other side of the screen are checking that you’re really who you say you are. 

Multi Factor Authentication benefits

As touched on above, by far and away the best benefit of multifactor authentication is the added level of security. Compromised passwords are one of the easiest and most common ways that cybercriminals gain access to accounts and data, so making sure they’re backed up with another form of verification is a quick win to bolster your defences. 

The additional step requesting something that you know, have, or are means that even if hackers do know your password, they still can’t access your account (unless they’ve accomplished the much more difficult feat of also capturing you and your phone).

By using MFA, you reduce the risk of a cyberattack and all its worst impacts: data loss if you haven’t sufficiently backed up your data, falling foul of GDPR regulation, reputational damage, loss of productivity, loss of customers, loss of business… 

One extra verification step can put a stop to that neverending list of doom.  

Other multifactor authentication benefits include:

Regulatory compliance in the UK

Multi Factor Authentication benefits specific industries by helping them meet regulatory compliance. For example, the Payment Card Industry Data Security Standard (PCI-DSS) requires multifactor authentication to be implemented in specific circumstances in order to prevent unauthorised users accessing payment processing systems. Meanwhile, if your business operates within the EU, you should be aware of the strong customer authentication requirements that the Payment Services Directive 2 (PSD2) imposes and how MFA helps meet those requirements.

Obviously, staying on the right side of the law is necessary for any UK business. MFA can help avoid any unwanted hefty fines or even the forced closure of a business. 

Increased flexibility. 

Many UK companies choose to request multifactor authentication for every sign-in. For example, many businesses require MFA to log on to a VPN, or to access specific data. Many others, meanwhile, request MFA much more rarely, such as the first time you sign up to their services. This flexibility is one of the main multifactor authentication benefits: businesses can tailor their level of security to their services. 

Adaptability and context specific functions.  

This is really an extra level of flexibility. As well as setting the regular ‘rules’ for MFA, businesses can also make these rules context specific. Let’s think of one of the older Multi Factor Authentication examples. Years ago, did you ever sign into Facebook on a new computer and get asked to identify pictures of your friends? Believe it or not, that was an early form of Multi Factor Authentication. You weren’t just being asked for your password, you were also asked for something you know – your friends’ names and faces.

Crucially, this didn’t happen every time that you logged into Facebook – that would have been far too annoying. Instead, Facebook was clever enough to adapt to the context of a new location or new device sign-in and, based on the elevated level of suspicion, decide it was time for an extra security check. Nowadays, this same Multi Factor Authentication benefit of context-specific triggers is still in use. For example, you may find yourself re-signing into all your apps when you get a new phone or number, or being asked to approve purchases in your bank app when they’re over a specific amount. 
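The context-specific trigger described above, as an added sketch (not code from this article or from any vendor): the extra factor is requested only for a new device, a new location or a purchase over a limit. The names, the 100.00 limit and the sample events are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Assumed policy value for this illustration; not taken from the article.
PURCHASE_STEP_UP_LIMIT = 100.00

@dataclass
class UserContext:
    """Devices and countries the service already trusts for one account."""
    known_devices: set = field(default_factory=set)
    known_countries: set = field(default_factory=set)

@dataclass
class Event:
    user: str
    device_id: str
    country: str
    purchase_amount: float = 0.0   # 0.0 means a plain sign-in

def step_up_reasons(ctx: UserContext, ev: Event) -> list:
    """Return why an extra factor is required (empty list means it is not)."""
    reasons = []
    if ev.device_id not in ctx.known_devices:
        reasons.append("new_device")
    if ev.country not in ctx.known_countries:
        reasons.append("new_location")
    if ev.purchase_amount > PURCHASE_STEP_UP_LIMIT:
        reasons.append("high_value_purchase")
    return reasons

def process(contexts: dict, ev: Event, second_factor_ok: bool) -> str:
    """Allow or deny one event; the password is assumed already verified."""
    ctx = contexts.setdefault(ev.user, UserContext())
    reasons = step_up_reasons(ctx, ev)
    if reasons and not second_factor_ok:
        return "deny:" + ",".join(reasons)
    # Trust the device and country only after the user has proven themselves,
    # so a failed attempt from an unknown device never becomes "known".
    ctx.known_devices.add(ev.device_id)
    ctx.known_countries.add(ev.country)
    return "allow_after_mfa" if reasons else "allow"

def run_demo() -> list:
    contexts = {}
    events = [  # constructed sample events: (event, did the second factor pass?)
        (Event("alice", "laptop-1", "GB"), True),          # first ever sign-in
        (Event("alice", "laptop-1", "GB"), False),         # familiar context
        (Event("alice", "phone-9", "ID"), False),          # unknown device, no factor
        (Event("alice", "phone-9", "ID"), False),          # retry is still unknown
        (Event("alice", "laptop-1", "GB", 250.0), True),   # large purchase
    ]
    return [process(contexts, ev, ok) for ev, ok in events]
```

The fourth event is denied for the same reasons as the third: a context is only remembered after a successful check, so repeated failed attempts do not wear the trigger down.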

Optional customization. 

No face recognition technology on your phone? No problem. Businesses can select multiple ways to verify users’ identity.

Increased employee mobility. 

The Covid-19 pandemic accelerated the digital transformation in the United Kingdom and across the world. With the majority of people working from home, businesses had to come up with a quick solution for employees to continue to access the resources they needed to do their job in an easy and secure way.

As we’ve seen, multifactor authentication was the perfect adaptable, flexible, and secure way to do just that. Employees could sign into business applications from home while keeping networks and data protected. 

Although the pandemic is behind us, the days of work from home look set to stay. Indeed, many employees have gone one step further to embrace remote work, setting up office in different locations depending on the day of the week. Whether it’s a local coffee shop or a villa in Bali, employees need to be able to do their job from any location. MFA can provide secure access to VPNs, company data, and business resources from anywhere in the world. 

Is Multi Factor Authentication good enough?

It’s certainly a start – and a pretty good start at that. But cyberattacks are more advanced than ever before and new threats emerge constantly. Remaining cyber vigilant is important for all businesses and their employees to truly minimise the threat of cyber attacks. This means assessing your networks and systems for vulnerability, your data access and retention policies, operational practices and employee behaviour to hunt down and address any vulnerability. 

Not sure where to start? Explore our cybersecurity audit services for London and UK firms, to see if you could benefit from a full review of your business’ cybersecurity, complete with expert recommendations to keep you safe – using multifactor authentication and so much more.