Why you should move to multi-factor authentication right now.


Between credential phishing, credential stuffing, trojans, and other costly cyberattacks, the bad guys are getting good at stealing our information. For hackers, these attacks are low-risk, high-reward crimes, and as a result, cyberattacks are an increasing threat to all professions. In 2017 alone, 2.3 billion login credentials were stolen. In 2018, credential-phishing attacks jumped by 70%. Meanwhile, password hygiene hasn’t kept up with the increasing sophistication of cyberattacks. Over 50% of people use the same password across the board, leaving their entire online identity exposed if that one password is stolen. Not to mention that “password” remains the second most common password, second only to “123456.” As passwords have become more and more vulnerable to attacks, users and firms are turning to multi-factor authentication (MFA) to keep their information out of the wrong hands.

 

What is multi-factor authentication?

Multi-factor authentication means presenting multiple forms of verification to log in to a system. What you might not realize is that you use multi-factor authentication every time you enter your zip code to pay for gas or show your ID with your credit card. Each time you provide a secondary authorization to obtain access, you’re using multi-factor authentication. However, not all authentication forms are created equal. Let’s break it down.

 

Password Only (Single-Factor Authentication)

Single-factor authentication (SFA) is the simplest form of verification and consequently the weakest. With no additional setup, SFA only requires a single password. Unfortunately, this simplicity leaves you vulnerable to credential stuffing, brute force, and other online attacks.

 

SMS Text Message

SMS text message authentication uses two factors to confirm an identity: a standard password and a temporary code sent to a device like a phone or tablet. This is one of the most common forms of MFA, but it proves problematic when you board a plane or enter a no-service zone. Without cell service, you’re unable to obtain your secondary code. In addition, SMS authentication is vulnerable to SIM swapping and man-in-the-middle attacks, where an attacker can intercept a temporary code.

 

App-Based Authenticators

App-based authenticators like Google Authenticator, Duo, and Authy provide high-level security. Because the codes are generated inside the app instead of being sent to the device, there is no message in transit for a hacker to intercept. However, app-based authentication requires the user to have their phone on them, and it can prove difficult to restore when a device is lost or stolen.

 

Physical Security Key

Universal 2nd Factor (U2F) authentication provides the highest level of security by arming users with a physical key. The key can be physically connected to a device or connected through Bluetooth. The device provides convenient password access without any manual data entry. Physical keys are the best way to keep your data safe, as long as you don’t lose them.

 

| Type | Security | Pros | Cons |
| --- | --- | --- | --- |
| Password Only (Single-Factor Authentication) | Lowest | No additional setup required. | Vulnerable to credential stuffing and other cyberattacks. |
| SMS Text Message | Mid | Easy to use and a common standard. | Doesn’t work offline (airplane mode) and is vulnerable to SIM swapping and man-in-the-middle attacks. |
| App-Based Authenticators | Very High | Very secure and often free to use. | Susceptible if your phone is compromised or lost. |
| Physical Security Key (U2F) | Highest | The highest security and easy to use. | Key may not be compatible with all devices. Can be difficult to recover passwords from a lost key. |

 

 

Although some types of MFA are less secure than others, even the weakest forms are superior to password-only authentication. App-based authentication combined with security-focused tools like Liscio is the best way to protect your information. To enable Google Authenticator for Liscio, view our step-by-step guide here