The vital role of multi-factor authentication in your security stack
September 26, 2023 – Published on Beta News
Written by Gary Brickhouse, CISO, GuidePoint Security
Stop me if you have heard this story before. A threat actor sends a crafty phishing email. An unsuspecting end user clicks a hyperlink in the email and enters their username and password, unknowingly providing those credentials to the threat actor. The threat actor then uses these credentials to gain access to all sorts of sensitive personal or company information. While this may be a “tale as old as time”, it’s still happening today. Literally every day. According to the latest Verizon Data Breach Report, stolen credentials are still the primary way attackers gain access to organizations.
The fact is, passwords continue to be a target for threat actors and are becoming increasingly vulnerable to attack. Threat actors leverage techniques like phishing campaigns, brute force attacks, information-stealing malware, and social engineering to gain access to user credentials. End users often contribute to the problem by using easily guessed passwords or reusing the same passwords across multiple accounts, making a threat actor’s job easier. The bottom line is that putting your data protection hopes into a single username and password is a foolish endeavor when the need for more robust authentication controls is evident.
While there are multiple, layered solutions and strategies to strengthen authentication controls, one of the primary means is the use of multi-factor authentication (MFA). Traditional single-factor authentication relies solely on a username and password. MFA adds an extra layer of security by requiring users to provide additional forms of authentication. MFA can leverage many options, including a one-time passcode, SMS text, security key, or biometric data. This approach significantly increases the complexity of compromising an account, even if a threat actor has access to a username and password.