Dec 3, 2021

How MFA Can Help Prevent Data Breaches

Written by Ronan Mahony

Security experts widely agree that any organization securing logins to its valuable IT services using only a username-password combination is taking a huge security risk. Multifactor authentication (MFA) is one of the most basic ways to layer your defenses against unauthorized logins to systems and, ultimately, can help prevent costly breaches. 
To authenticate a user means to verify that the user is genuine. Classically, the way to authenticate a user is to request their login credentials and check them against what your directory service or authentication server holds for that account (for a password, that should be a salted hash, never the password itself). The full history and background of authentication is more complex, but that's the gist of it. 
The need to ensure users are who they claim to be is critical in the context of today's hybrid IT infrastructures. Organizational data and apps often exist outside the traditional corporate network perimeter in public cloud services. Furthermore, employees, business partners and contractors access IT resources from home or public locations.
Many security professionals say that identity is the new perimeter. This claim about identity extends to devices and applications, but securing machine identities is another topic altogether. If identity is the new perimeter, then making authentication as secure as possible is paramount to protect your critical assets, including sensitive data about customers and intellectual property. 
In an ideal world, passwords would be sufficient to authenticate users and ensure that they are genuine. Unfortunately, passwords are susceptible to theft, often through poor password hygiene. Whether it's reusing one password across different applications or not creating a strong enough password to begin with, password theft is rife. 
To understand how easy it is to steal a password, consider a study that looked at over 15 billion passwords. The results of this study revealed that the top four most commonly used passwords were:
These passwords are all incredibly easy to guess, even for a beginner cybercriminal looking to access a corporate network. The consequences show up in the breach statistics: 80% of hacking incidents stem from stolen credentials or passwords guessed using brute-force tactics. 
A compromised password doesn't automatically lead to a breach, but it makes that outcome far more likely. By logging in to a system with a compromised password, threat actors impersonate a genuine user, and from that foothold they can move through the network until they are able to exfiltrate sensitive information or install malware on multiple systems. 
To help strengthen authentication and avoid relying on username-password pairs alone, organizations can opt for MFA. This type of authentication uses two or more distinct factors to verify users. Three common authentication factors are something the user knows (a password or PIN), something the user has (a phone, authenticator app or hardware token) and something the user is (a fingerprint or other biometric).
Clearly, combining just two of these factors already leads to better security. Even if an employee chooses an insecure password, reuses passwords across many systems or doesn't change their password according to the best practices defined in your security policy, it's far harder for a threat actor to impersonate that employee when MFA is in place, because a stolen password alone is no longer enough to log in. 
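To make the "something the user has" factor concrete, here is an added example (not from the original article) of the time-based one-time password scheme that authenticator apps implement: RFC 6238 TOTP built on RFC 4226 HOTP, in Go. The secret `12345678901234567890` is the RFC's published test seed, not a real key. The server-side check also refuses any code from a time step at or before the last accepted one, so a code captured in transit cannot be replayed within its 30-second window.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
	"math"
	"time"
)

// Parameters used by most authenticator apps (RFC 6238 defaults).
const (
	totpStep   = 30 // seconds per time step
	totpDigits = 6
	totpWindow = 1 // accept one step of clock skew either side
)

// hotp computes an RFC 4226 HOTP value for a counter: HMAC-SHA1 over the
// big-endian counter, dynamic truncation, then the last `digits` decimal digits.
func hotp(secret []byte, counter uint64, digits int) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	offset := sum[len(sum)-1] & 0x0f
	code := binary.BigEndian.Uint32(sum[offset:offset+4]) & 0x7fffffff
	code %= uint32(math.Pow10(digits))
	return fmt.Sprintf("%0*d", digits, code)
}

// totpAt returns the code valid at a given Unix time (RFC 6238: counter = T / step).
func totpAt(secret []byte, unixTime int64, digits int) string {
	return hotp(secret, uint64(unixTime/totpStep), digits)
}

// totpState is the per-user server-side record: the last time step whose
// code was accepted. Persist it; a code is valid for one step, and only once.
type totpState struct {
	lastStep int64
}

// verifyTOTP checks a submitted code against the current step and up to
// totpWindow steps either side, rejects any step at or before the last
// accepted one (replay protection), and compares in constant time.
func verifyTOTP(secret []byte, submitted string, now int64, st *totpState) bool {
	if len(submitted) != totpDigits {
		return false
	}
	current := now / totpStep
	for skew := int64(-totpWindow); skew <= totpWindow; skew++ {
		step := current + skew
		if step <= st.lastStep {
			continue // already used, or older than a step already used
		}
		expected := hotp(secret, uint64(step), totpDigits)
		if subtle.ConstantTimeCompare([]byte(expected), []byte(submitted)) == 1 {
			st.lastStep = step
			return true
		}
	}
	return false
}

func main() {
	// RFC 6238 test seed, used here as a constructed example. Real secrets are
	// random, per user, and shared with the authenticator app once (usually via QR code).
	secret := []byte("12345678901234567890")
	st := &totpState{}
	now := time.Now().Unix()
	code := totpAt(secret, now, totpDigits)
	fmt.Println("code now:", code)
	fmt.Println("first use accepted:", verifyTOTP(secret, code, now, st))
	fmt.Println("replay accepted:", verifyTOTP(secret, code, now, st))
}
```

Note what this does and does not buy you: a valid code proves possession of the shared secret at that moment, so it defeats a stolen password on its own, but a phishing page that relays the code to the real site within the window still gets in. That gap is what origin-bound, phishing-resistant methods address.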
It's worth noting that using multiple authentication factors isn't a 100% hack-proof way to ensure users are genuine. The level of security you get depends on the chosen factors and, in particular, on how easily each one can be intercepted or redirected. 
For example, Twitter's Jack Dorsey had his account hijacked when a threat actor impersonated him to his mobile phone carrier and convinced the company to transfer Dorsey's phone number to a different SIM card (a SIM swap). Twitter's second factor was a code sent by SMS to the registered phone number, and an SMS code is bound to the number rather than to a device, so once the attacker controlled the number, that second factor was in their hands too. 
Push-based notifications to registered devices may be more secure than one-time passwords sent over SMS, though they have their own failure mode: an attacker holding a stolen password can trigger a flood of prompts until a tired user taps "approve", so deployments should require the user to confirm a number shown on the login screen rather than just tap a button. Phishing-resistant factors such as FIDO2/WebAuthn security keys, which bind each login to the site's origin, close that gap. Some organizations may see fingerprint scanning as a worthwhile investment to strengthen authentication.  
Even though multifactor authentication provides much better security, password fatigue is still a real problem. Most companies still use passwords as one authentication factor, which means employees need to set passwords in line with corporate policy and update them at scheduled intervals. The need to manage passwords properly at all times starts to affect user experience and productivity for end-users and IT security staff alike. 
Passwordless authentication seeks to eliminate password fatigue by removing the most popular authentication factor from the equation. Instead, users are authenticated using something they have or something inherent to them. For better security, passwordless authentication should require both of these different factors. 
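As an added example (not from the original article) of the possession-based half of passwordless authentication, the following Go program models a challenge-response login in the style of FIDO2/WebAuthn: the server stores only a public key, issues a random single-use challenge, and the device signs the challenge together with the origin it is talking to. The relying party type, the origin `https://login.example.com`, the user `alice` and the phishing origin are all constructed for the illustration. It is a reduced model, not a WebAuthn implementation: the real protocol has the browser supply the origin and adds attestation, signature counters and user-verification flags.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// relyingParty is a hypothetical login server holding each user's registered
// public key and the challenges issued but not yet consumed. In production both
// live in a database and challenges carry an expiry.
type relyingParty struct {
	origin     string
	users      map[string]ed25519.PublicKey // username -> authenticator public key
	challenges map[string]string            // hex(challenge) -> username it was issued to
}

func newRelyingParty(origin string) *relyingParty {
	return &relyingParty{
		origin:     origin,
		users:      make(map[string]ed25519.PublicKey),
		challenges: make(map[string]string),
	}
}

// register records the authenticator's public key. The private key never leaves
// the device, so the server holds no password-like secret worth stealing.
func (rp *relyingParty) register(user string, pub ed25519.PublicKey) {
	rp.users[user] = pub
}

// beginLogin issues a fresh 32-byte random challenge bound to the user.
func (rp *relyingParty) beginLogin(user string) ([]byte, error) {
	if _, ok := rp.users[user]; !ok {
		return nil, errors.New("unknown user")
	}
	challenge := make([]byte, 32)
	if _, err := rand.Read(challenge); err != nil {
		return nil, err
	}
	rp.challenges[hex.EncodeToString(challenge)] = user
	return challenge, nil
}

// signedMessage is what the authenticator signs: the fixed-length challenge
// followed by the origin it believes it is talking to. Binding the origin is what
// makes the scheme phishing-resistant: a signature made for a look-alike site
// does not verify against the real origin.
func signedMessage(challenge []byte, origin string) []byte {
	msg := make([]byte, 0, len(challenge)+len(origin))
	msg = append(msg, challenge...)
	return append(msg, origin...)
}

// authenticatorSign is the client side: the device-held private key signs.
func authenticatorSign(priv ed25519.PrivateKey, challenge []byte, origin string) []byte {
	return ed25519.Sign(priv, signedMessage(challenge, origin))
}

// finishLogin consumes the challenge (single use, success or not) and verifies
// the signature against the registered key and the server's own origin.
func (rp *relyingParty) finishLogin(user string, challenge, sig []byte) error {
	key := hex.EncodeToString(challenge)
	issuedTo, ok := rp.challenges[key]
	if !ok || issuedTo != user {
		return errors.New("unknown or already used challenge")
	}
	delete(rp.challenges, key)
	if !ed25519.Verify(rp.users[user], signedMessage(challenge, rp.origin), sig) {
		return errors.New("signature does not verify")
	}
	return nil
}

// demo runs three attempts against a constructed relying party and reports which
// succeeded: a legitimate login, a relayed login from a phishing origin, and a replay.
func demo() (legit, phished, replayed bool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	const realOrigin = "https://login.example.com" // hypothetical
	rp := newRelyingParty(realOrigin)
	rp.register("alice", pub)

	ch, _ := rp.beginLogin("alice")
	sig := authenticatorSign(priv, ch, realOrigin)
	legit = rp.finishLogin("alice", ch, sig) == nil

	// Phishing relay: the attacker forwards a real challenge, but the victim's
	// authenticator signs for the origin it actually sees.
	ch2, _ := rp.beginLogin("alice")
	relayed := authenticatorSign(priv, ch2, "https://login.example.com.evil.test")
	phished = rp.finishLogin("alice", ch2, relayed) == nil

	// Replay: the first, valid signature is presented a second time.
	replayed = rp.finishLogin("alice", ch, sig) == nil
	return legit, phished, replayed
}

func main() {
	legit, phished, replayed := demo()
	fmt.Printf("legitimate login ok: %v\nphished login ok: %v\nreplay ok: %v\n", legit, phished, replayed)
}
```

Two design points carry the security argument: the challenge is random and consumed on first use, so a captured signature is worthless afterwards, and the origin is part of the signed message, so a relayed signature from a phishing domain fails verification at the real site.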
Any company depending only on passwords to verify users is in for a rude awakening. The sheer volume of passwords stolen and compromised daily means that passwords alone will lead to hacked user accounts that can escalate into a full-scale data breach. As detailed in this report from IDC, there are many MFA solutions in the market today. Understanding which one can best address and plug an organization’s authentication gaps is key to a secure future.  
Ronan Mahony is a freelance content writer mostly focused on cybersecurity topics. He likes breaking down complex ideas and solutions into engaging blog posts and articles. He’s comfortable writing about other areas of B2B technology, including machine learning and data analytics. He graduated from University College Dublin in 2013 with a degree in actuarial science, however, he followed his passion for writing and became a freelance writer in 2016. He currently also works with Bora. In his spare time, Ronan enjoys hiking, solo travel, and cooking Thai food.



