What You Should Consider When Implementing Multi Factor Authentication

When you look into how to better protect your business from cyberattacks, the most frequent suggestion is to adopt some form of multi-factor authentication (MFA). Indeed, MFA is one of the more tried and tested methods for protecting your organisation on multiple levels, and will always be a great asset to your cybersecurity profile.

While everyone implores you to adopt some form of MFA, there is a range of factors that you should first consider when choosing which form of MFA to use. The type of MFA you use may need to balance user accessibility, security functionality, and maintenance cost to suit your needs as a business.

Factors of Authentication 

To understand why you might choose a certain type of MFA, you should first understand what the common types of MFA are. Generally, a factor of MFA security fits into one of three categories: something you know, something you have, or something you are. 

Something you know, known as knowledge factors, are the more common factors that most people have experience with. These include passwords and security questions, and are usually the foundation factor for security. They are also the factors most at risk, as passwords are generally the weakest link in security. Knowledge factors are prone to social engineering attacks like phishing.

Something you have, known as possession factors, cover physical authentication such as a magnetic swipe identification card an employee may carry, or an SMS code that an employee receives on their phone. Possession factors are the most common supplementary form of MFA, with many businesses making use of SMS codes or an authentication app like Google Authenticator. 

Something you are, known as inherence factors, describe biometrics. Inherence factors are not used as frequently as the other two categories, but are generally very secure. It is very difficult to breach something protected by fingerprint ID as you can’t fake the fingerprint; instead, a hacker has to find a workaround.

Security Requirements 

The strength of your MFA setup will often depend on what is behind it. As an example, let’s say you are trying to set up MFA for your servers that store sensitive data, such as customer records or employee information. In this case, you will likely want a high level of security, and thus will need many factors of authentication. For another example, let’s say an employee is logging on to a company PC. You may only need a username and password if your network is set up to require further authentication when the employee wants to access sensitive data from the company PC.

When setting up MFA it is important to evaluate the target points of your network so you can choose which areas need more security. Once you figure out which areas of your network a threat actor is more likely to target, you can increase the authentication steps at those target points. Requiring multiple steps of verification for an employee to log onto a PC could be unnecessary if you set up MFA around your network’s most vulnerable points. 
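The step-up approach described above can be written down as a small policy check. This is an added example, not code from Securiwiser or any MFA product; the resource names, the required counts and the fail-closed default are assumptions chosen for illustration. It counts distinct factor categories, so a password plus a security question still counts as a single factor.

```python
from dataclasses import dataclass, field

# Factor methods mapped to the three categories described in this article.
CATEGORY = {
    "password": "knowledge", "security_question": "knowledge",
    "sms_otp": "possession", "authenticator_app": "possession",
    "id_card": "possession", "fingerprint": "inherence",
}

# Hypothetical policy: distinct factor categories required per resource.
POLICY = {
    "workstation_login": 1,   # low risk: username and password
    "email": 2,
    "customer_records": 3,    # sensitive data: strongest requirement
}
DEFAULT_REQUIRED = 2  # assumption: unlisted resources fail closed to MFA


@dataclass
class Session:
    user: str
    verified: set = field(default_factory=set)  # methods passed in this session

    def categories(self):
        # Two methods from the same category collapse into one entry.
        return {CATEGORY[m] for m in self.verified if m in CATEGORY}


def authorize(session, resource):
    """Return (allowed, categories the user can still present to step up)."""
    required = POLICY.get(resource, DEFAULT_REQUIRED)
    have = session.categories()
    if len(have) >= required:
        return True, []
    return False, sorted(set(CATEGORY.values()) - have)


if __name__ == "__main__":
    s = Session("alice", {"password"})
    for res in ("workstation_login", "customer_records"):
        print(res, authorize(s, res))
    s.verified.add("security_question")  # second knowledge factor, same category
    print("email", authorize(s, "email"))
    s.verified.add("authenticator_app")  # possession factor satisfies the step-up
    print("email", authorize(s, "email"))
```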

User Friendliness 

Following on from that last sentiment, it is important to recognise the effect MFA has on productivity and functionality. Having too many authentication factors on low-risk areas of a network can degrade the user experience and make basic tasks take longer. MFA should ideally be set up so that an employee can perform a task they need to do frictionlessly.  

One-time passwords (OTPs), such as the codes received via SMS, are quite common, and most users are familiar with them, so these are a good choice for some supplementary security at low-risk areas. You can work your way up from there, protecting more vulnerable areas with further factors of authentication.

Further Considerations 

  • How your MFA is integrated. A phone’s fingerprint scanner is a good example of an inherence factor integrated in an unobtrusive way. If an employee is already using a mobile device for a task, then requiring an SMS OTP is efficient and adds another layer of security. 
  • Cost of implementation. Third-party MFA solutions are usually the way to go for many businesses, but can cost a lot upfront or require expensive fees to add MFA to specific applications and services. 
  • The process of deployment. If your business is not already set up with MFA in mind, organising and setting up new factors can be difficult. A lot of third-party solutions will have features to allow for smoother implementation, but your services and areas of your network will likely see downtime. 
  • How your network is set up. Different MFA solutions target different types of network setup. Networks frequently make use of the cloud, as well as on-site and off-site architecture.  

Use Securiwiser for Your Business’s Cybersecurity Needs 

Securiwiser is a robust cybersecurity vulnerability assessment tool that can help you understand shortcomings in your organisation’s cybersecurity posture. With Securiwiser you can check the strength of different areas of your cyber defences in real-time, as well as receive detailed information on how to shore those defences up.

Learn how you can better protect your organisation today by clicking here for a free cybersecurity report.
