The Reschini Blog: Slow Hackers Down with MFA

When a skilled hacker has the means, the motive, and the opportunity to break into your cyber system and wreak havoc, not much can stop or slow that person down.  With one exception – multi-factor authentication, or MFA.

The only drawback of using this advanced tool, however, comes in the fact that the MFA – because of its comprehensive and in-depth safeguards – can also slow down legitimate users.  But industry experts agree that the benefits in safety and security far outweigh this one minor negative.

The National Institute of Standards and Technology (NIST), part of the U.S. Department of Commerce, defines MFA as “a security enhancement that allows you to present two pieces of evidence – your credentials – when logging in to an account. Your credentials fall into any of these three categories: something you know (like a password or PIN), something you have (like a smart card), or something you are (like your fingerprint). Your credentials must come from two different categories to enhance security – so entering two different passwords would not be considered multi-factor.”NIST adds, “MFA is quite simple, and organizations are focusing more than ever on creating a smooth user experience. In fact, you probably already use it in some form. For example, you’ve used MFA if you’ve:

• swiped your bank card at the ATM and then entered your PIN (personal ID number)
• logged into a website that sent a numeric code to your phone, which you then entered to gain access to your account.”

The Pittsburgh Technology Council cites a professional cybersecurity expert (and former hacker), who said, “It is of the utmost importance to push through any obstacles and enable MFA on your environment.  In addition to the monumental importance of having MFA, it is critical that you review your third-party systems that you do not control, especially those which contain sensitive company data, and find out whether MFA is available.”The added seconds it may require for users to register through two separate channels to access data amounts to virtually nothing in the long-term, when compared with the time, trauma, and treasure it would take to recover from a severe cybersecurity breach.For more insurance-related information on this and other topics, contact the professionals at The Reschini Group.Download these resources about Cyber Liability:• 10 Cyber Security Resolutions to Reduce Your Data Exposures• CI - Cyber Liability InsuranceContact The Reschini Group with your questions or concerns regarding cybersecurity.