Stolen or compromised passwords are responsible for most corporate data breaches. According to the 2021 Verizon Data Breach Investigations Report, 61% of all data breaches were the result of stolen or compromised credential data.
Employee re-use of passwords is one of the biggest challenges for organizations. The typical employee may have well over a hundred different online accounts or credentials for various personal services, corporate systems, and corporate SaaS or mobile applications.
Password reuse is common, since it is virtually impossible to remember a unique, strong password for every service. A big part of the solution to this problem is to outfit employees with a password manager that generates and stores a unique credential for each service.
The other piece of the puzzle is implementing multi-factor authentication (MFA) or two-factor authentication (2FA). We are often asked, "What does MFA stand for? What does MFA mean? Is there a difference between MFA and 2FA?" In this blog, we will explain the key differences between 2FA vs. MFA.
Beyond Passwords: Factors of Authentication
Companies of all sizes must add multiple factors of authentication beyond just passwords alone. Passwords can be stolen and if re-used, they become an entry point for cyber criminals.
Passwords that are short or in common use are easily cracked or guessed, and a cracked password can be used to gain access to your network and sensitive data. This is why strong authentication is required.
Multiple validation methods for desktops and mobile devices are critical to raising security standards and mitigating the risk that password reuse and password theft pose to multiple accounts at once. There are four kinds of authentication factor:
Something you know. This is the most common factor, namely a password.
Something you have. This factor validates that the user possesses a specific object. It can be:
- A hardware USB key
- A hardware token-based device that generates a one-time passcode
- A method that validates possession of a previously registered mobile device (an SMS code, a push notification to a mobile app, or a one-time passcode generated by a mobile app). Of these, SMS is the weakest, since the code can be intercepted through SIM swapping or phishing; app-generated codes and push notifications are preferable.
Something you are. Biometric authentication is the common example, where a fingerprint, iris or retinal scan, voice, or facial recognition is used to authenticate the user.
Somewhere you are. Physical location can be used as another mode of authentication. Location or geographical presence is determined dynamically from the source IP address or a GPS reading. Keep in mind that IP-based location is only an approximation: a VPN or proxy can place a user anywhere, so location works best as a risk signal rather than a factor on its own.
Location is typically used either to deny an authentication attempt outright, for instance blocking any attempts originating from Iran or North Korea, or as a trigger to challenge the user with an additional form of authentication.
MFA vs. 2FA
Simply put, 2FA is a subset of MFA. These terms are often used interchangeably, but there is a difference. It is technically accurate to say a system that uses two factors of authentication is both a 2FA system and an MFA system. An MFA system may also require a third or fourth factor. Note that the factors must be of different kinds: a password plus a security question is two pieces of "something you know" and does not qualify as 2FA.
At NENS, we leverage Cisco Duo to provide zero trust and customized identity and access management solutions to our clients. Duo is a flexible solution, supporting various forms of MFA, including push notifications and one-time passcodes on smartphones, hardware USB keys, and integration with third-party enterprise SSO solutions.
Which is Best? Remember Ease of Use
The reality is, if organizations simply add a second factor beyond the password alone, the vast majority of credential-based breaches are stopped. According to Microsoft, an account protected by a second factor such as a one-time password on a mobile device is more than 99.9% less likely to be compromised.
Adding a third factor can deliver even more protection, but ease of use matters with any cybersecurity measure. Security is always a balancing act against convenience and user productivity: strengthen your defenses while staying mindful of the friction you introduce, or users will look for ways around it.
Need Help Improving Your Multi-Factor Authentication Policy?
Avoid data breaches and protect sensitive data with a robust MFA policy from NENS.
Bring MFA Benefits to Your Business With NENS
In this blog, we have explored the differences between two-factor authentication (2FA) and multi-factor authentication (MFA), and why requiring at least a second factor is critical.
At NENS, we believe that multi-factor authentication methods are far more effective than single-factor authentication. They provide an essential layer of defense against credential theft or compromise. MFA falls within our Identity and Access Management practice area and is evaluated for all new and existing clients during cybersecurity assessments. We also implement MFA as a security standard requirement for all clients as part of our Managed Services plan.
If you are looking to develop or implement a multi-factor authentication policy for your business, or need additional clarification on MFA vs. 2FA, contact us today for more information.