What is Multifactor Authentication?

The security of your data is constantly under assault. Hackers and bots never stop trying to steal information that will allow them to impersonate and defraud individuals or companies.

Multifactor authentication is currently the best way to protect your accounts, including those that seem insignificant. Even a trickle of personal information can allow bad actors to piece together enough data to hack into accounts or create new ones for others to exploit.

Unfortunately, studies of MFA security show that high adoption rates starting around 2016 already need a reboot. Six years later, hackers have infiltrated nearly 50 percent of these protective systems, requiring corporations to update security measures as threats continually become more sophisticated.


Cybercrime Demands We Use More Protection Than Ever Before

Worldwide, over $145 billion is spent on cybersecurity annually. A national study showed that hackers stole $945 billion through cybercrime in 2020, partly due to the number of people working from home during the pandemic. Some information is stolen using sophisticated packet sniffing bots that scour the web for vulnerabilities when data is transmitted online.

Phishing attacks are still a rich source of theft, however. These are achieved by impersonating a person or business and sending (via email or SMS) an urgent message that requires immediate action. The victims of phishing attacks are often caught off-guard. They mistakenly use their log-on credentials on faked web pages linked to the email or SMS message, giving the hacker access. 

Information captured by hackers is used to break into an individual’s accounts or the individual’s employer’s accounts to steal from them or to spread malware in the affected systems. International criminals use these techniques to attempt ransomware attacks as well. These lock up a company’s systems until a ransom is paid, crippling the company indefinitely and incurring high costs.

The average company’s cost for a ransomware attack in 2019 was over $760,000 in both payments to hackers and lost productivity. The price of a breach can be even higher if sensitive information is released. Equifax’s leak of consumer information earned them a $700,000 fine from the Federal Trade Commission.

The Scope of the Issue

In addition to online company databases and cloud-based work sites that hold sensitive corporate information, consider all of the online accounts that contain personal information. Accounts rich in personal data may include:

  • Email
  • Health insurance
  • Bank accounts
  • Social media accounts
  • Credit card accounts
  • Online accounts like Microsoft and Apple

MFA Definition and Importance

Passwords are no longer sufficient security for most accounts. MFA is a method of ensuring that only the actual account holder gets access to the protected account and data. 

The importance of multifactor authentication cannot be overstated. Breaches at corporations rich in consumer data enable hackers to gather information (available for sale on the Dark or Deep Web) to construct profiles of individuals. This profile information may be used to gain access to accounts or to create new accounts fraudulently. The technique may also allow a hacker access to the individual’s employer’s databases.

Reasons for multifactor authentication include:

  • Accounts are hacked at a high rate,
  • Passwords are often reused or easy to guess,
  • Usernames are frequently the same as email addresses, and
  • Vast amounts of personal information are easy to find because they are frequently shared on social media or leaked in corporate breaches.

How It Works

Multifactor authentication is like a deadbolt lock on your door: a higher level of security than the average password-protected account. This level of security involves more than a username and password. Sometimes the user needs to access an authenticator app on their phone to get a six-digit code; in other cases, a passcode is texted to the account holder's cell phone.

No form of multifactor authentication is perfect; users still have to be vigilant. Malware launched on an individual's computer or digital device through phishing attacks may be designed to overcome MFA. That includes collecting login information or intercepting SMS messages. Malware may also steal cookies that store user names and passwords. In addition, SIM card swapping, a form of smartphone piracy, allows hackers access to stored passwords and incoming SMS verification.

Types of MFA

MFA requires multiple steps to enter the account, starting with the user name and password. For security, an additional step is added using one or more of the following:

  • A secure authenticator app that is downloaded to the account holder’s phone
  • A multi-digit passcode that is texted to the account holder’s phone
  • A security token that generates a passcode during log in
  • A biometric identifier such as a fingerprint or retina scan

Protect Yourself – Use Multifactor Authentication on Your Accounts

Multifactor authentication techniques are still new to many individuals and companies hoping to protect data, but these systems require frequent updates to dodge the most persistent hackers. It is impossible to thwart all attempts to hack login information, with human nature being the most significant vulnerability (note reused passwords and phishing attacks that prey on emotions).

When appropriately used, MFA protects a significant percentage of accounts. Companies relying on cloud or remote-based work should continually educate employees on the dangers of phishing attacks and the importance of good online hygiene for their work and personal accounts. That means:

  • Not clicking on links sent in unexpected emails
  • Not responding in haste to emotionally-charged requests
  • Verifying the origin of incoming messages
  • Never sharing passwords or MFA tokens
  • Attending regular meetings on IT security concerns and threats
  • Using computer-generated passwords