It was not long ago when a complex password would be enough to protect our accounts and systems. Starting about 10 years ago, when more systems were cloud-based and remote access to businesses became more popular, a strong password just would not be enough. All the hackers would need is your password and they could infiltrate your e-mail, bank accounts, customer data, and your financials. With the introduction of phishing and social engineering, learning a person’s password is very common these days.
I remember back in the late-1990s, some large enterprise organizations had the start of what we call multi-factor authentication (MFA). Back then, you would get a small token that had a revolving numeric code that would change every 60 seconds and would sync to the remote system that you were connecting to. Banks and other financial systems started emulating that about 10 years ago. If you logged into your online banking, you would be texted a code to enter in conjunction with your usual login password.
Since then, there have been huge advances when it comes to authenticating who someone really is. Some of our favorites include biometrics, such as facial recognition and fingerprint readers, but those also come with risks from a legal and fraudulent perspective.
We still encourage all clients and end-users to have a strong password policy, which includes enforcing complex passwords (meaning that they need to have upper, lower, and at least one special character), changing your password every 90 days and automatically locking out accounts after 5 failed attempts. I’ve heard users complain that they can’t remember complex passwords and please let us know if you need tips or tricks regarding this. For me, I usually use the last name of an ex-girlfriend, her phone number’s area code, and then a special character. Obviously, my wife wouldn’t be too happy about that, but it really works!
As stated above, complex passwords are just not enough. When utilizing the same MFA technology from two decades ago, you can truly lock down and secure your accounts from unauthorized access and risking your critical business data. MFA solutions have advanced since then, but the concept is still very effective today and less cumbersome to implement. With users being able to self-manage their access as well, there is no reason not to have MFA on all of your accounts.
There are two popular ways to implement MFA solutions: 1) The good ol’ text messaging, in which you add your cell phone to an account – when you log into the system with your username and password, you’ll be texted a code. 2) Installing an authenticator application on your cell phones such as Microsoft Authenticator or Google Authenticator. These applications are completely free to use and sync up with any external site, such as Microsoft O365, Facebook, banks, etc. When you go to log into those external systems, you will open the application on your smartphone and provide a multi-digit code to enter upon login.
To discuss further the benefits of multi-factor authentication and further securing your accounts, please reach out to Frank at [email protected] or (847) 894-6304. Together we are in this ongoing battle in keeping businesses safe!