Why You Should Be Using Multi-Factor Authentication to Prevent Data Breaches

Passwords have been around since the beginning of the computer age. After all that time, they still pose one of the biggest risks to cybersecurity.

Users adopting poor password practices, hackers stealing databases of login credentials, and phishing attacks designed to capture cloud logins are threats that businesses in North Carolina and the rest of the country face daily.

80% of hacking-related data breaches are due to compromised passwords.

Yet, passwords are still very much needed to get into cloud applications, remote login accounts, emails, and just about everything else used online. This reliance on passwords has led to users adopting habits that invite credential theft and reduce IT security. These include:

  • Reusing passwords across multiple work and personal accounts
  • Storing passwords insecurely (sticky notes, plain text documents, etc.)
  • Using weak passwords
  • Never changing their passwords

While password management applications can provide some help to strengthen passwords and ensure they’re not being reused, they can’t stop a hacker from getting into a database of user credentials and then exploiting it.

Some of the biggest recent data breaches that exposed users' account information involved names like Marriott, T-Mobile, and CafePress.

Once a hacker has a username and password, the tool that’s most able to stop them is the use of multi-factor authentication (MFA).

How Effective is Using a Second Factor of Authentication?

Multi-factor authentication is most commonly implemented as a text or device prompt with a 6-digit code being received upon login. That code then has to be entered within 5-10 minutes for the user to be granted access to the application.

This stops a hacker in their tracks because they are not typically going to have access to the device that receives the code. 

The way most MFA systems are set up, you enter your login and then click a button to send the code. If a hacker does this, a user is automatically alerted that someone is trying to gain access to their account.
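
The code flow described above, seen from the server's side, as an added example (not from this article or any MFA product): the code is random, stored only as a salted hash, expires, works once, and guessing is capped. The class name, the 5-minute lifetime taken from the low end of the stated range, and the five-attempt limit are assumptions.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300      # seconds; low end of the 5-10 minute window (assumed choice)
MAX_ATTEMPTS = 5    # assumed guess limit, not stated in the article


class OneTimeCodes:
    """In-memory store of pending login codes (hypothetical helper)."""

    def __init__(self, now=time.time):
        self._now = now
        self._pending = {}  # user -> [salt, digest, expires_at, attempts_left]

    @staticmethod
    def _digest(salt, code):
        return hashlib.sha256(salt + code.encode()).digest()

    def issue(self, user):
        """Create a fresh 6-digit code; any earlier code for the user is replaced."""
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, keeps leading zeros
        salt = secrets.token_bytes(16)
        self._pending[user] = [salt, self._digest(salt, code),
                               self._now() + CODE_TTL, MAX_ATTEMPTS]
        return code  # handed to the SMS/prompt sender; only the hash is kept

    def verify(self, user, submitted):
        """Return 'ok', 'wrong', 'expired', 'locked' or 'none'."""
        entry = self._pending.get(user)
        if entry is None:
            return "none"
        salt, digest, expires_at, attempts_left = entry
        if self._now() > expires_at:
            del self._pending[user]
            return "expired"
        # Constant-time comparison avoids leaking how much of the code matched.
        if hmac.compare_digest(digest, self._digest(salt, submitted)):
            del self._pending[user]  # single use: a replayed code finds nothing
            return "ok"
        entry[3] = attempts_left - 1
        if entry[3] <= 0:
            del self._pending[user]  # too many guesses: a new code is required
            return "locked"
        return "wrong"
```

The "expired" and "locked" results are the ones worth logging and alerting on, since they indicate someone holding the password but not the device.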

You would think more people would use MFA, but some employees don’t like taking that extra step. A surprising 56% of individuals using a personal device to access business data don’t use multi-factor authentication. Nearly a quarter (23%) of people find MFA inconvenient.

But for a few seconds of “inconvenience” you can block nearly all account hacks. 

MFA is very effective at stopping credential theft and password hacks, which makes it a vital addition to any company’s data security strategy.

Microsoft States MFA is 99.9% Effective

Microsoft’s cloud services see millions of attempted account hacks every day. They state that taking the simple action of enabling multi-factor authentication can stop 99.9% of those attacks. 

Google States MFA is 100% Effective in Most Cases

In a study that Google participated in, they looked not only at multi-factor authentication as a whole, but also the effectiveness against different types of attacks and using different notification types.

In most cases, MFA was 100% effective, with the lowest percentage of effectiveness being 76%. Here is the data:

  • Using an on-device prompt to receive the code:
    • 100% of automated bot attacks stopped
    • 99% of bulk phishing attacks stopped
    • 90% of targeted attacks stopped
  • Using an SMS to receive the code:
    • 100% of automated bot attacks stopped
    • 96% of bulk phishing attacks stopped
    • 76% of targeted attacks stopped
  • Using a security key as the second factor:
    • 100% of automated bot attacks stopped
    • 100% of bulk phishing attacks stopped
    • 100% of targeted attacks stopped

Using Single Sign-On Can Reduce MFA Inconvenience 

How can you implement multi-factor authentication with the least amount of inconvenience to your users? By using an application that allows for a single sign-on (SSO) experience.

This means that instead of your users needing to go through the MFA process several times a day as they sign into different business apps, they can sign into a master application.

You can use multi-factor authentication with the SSO app, so employees only need to go through the process once. The SSO app uses a device- and browser-based cookie to approve the user and log them into their other business applications automatically.

This creates a more unified login experience and significantly reduces any user pushback on MFA interrupting their workflow.

Where should businesses use MFA?

On any application or website that uses a login. From your Microsoft 365 to MailChimp to Salesforce, companies should be securing every login their employees use with MFA.

Can MFA be used with a password manager?

Yes. You can use both a password management application and multi-factor authentication to ensure you’re completely covered when it comes to password and credential security.

Get Help from RCOR for Credential Security Solutions

From single sign-on solutions to helping you enable MFA companywide, RCOR can assist your North Carolina business to ensure your accounts are properly protected.

Contact us today to schedule an IT security consultation. Call 919-263-5570 or contact us online.