Multi Factor Authentication – the first step in security
Recent attacks on major companies, resulting in massive loss of personal information, have led to stricter regulations for company security. Insurance companies are requesting information from their policy holders on the insured company's cyber security before policies are granted, and there is talk of updating The Privacy Act to hold organisations more accountable for the personal security of their clients and staff (see here for The Attorney General's Privacy Act Review).
Cyber security might seem a difficult process; however, I recently asked our techs at Loyal I.T. Solutions what is the simplest and most economical way for a user or business to protect themselves from hacks, and the consensus from them was multi or two factor authentication.
We have spoken on this issue in many blogs (Why Multi Factor Authentication is more important than ever; Cyber protection that is virtually bullet proof) and this blog is to reintroduce the simplicity of this form of protection.
There are two different variations on this type of security - 2 Factor Authentication (otherwise known as 2FA) and Multi Factor Authentication (known as MFA). Here are the differences between the two.
2 Factor Authentication (2FA)
2FA works by adding a layer of security on top of a password. It could be any of these:
- Hardware Security tokens - these are small, like a key fob, and produce a new numeric code every 30 seconds.
- SMS Text Message 2FA – this interacts with the user's phone, sending the user a unique one-time passcode (OTP) via text.
- Software token – Using the user’s phone, a software-generated, time-based OTP is provided by an authentication application downloaded on a mobile phone. This is a preferred method of authentication, as you need to open the application to obtain the current code to sign in, and the code changes regularly.
- Push notification – websites and applications can send a push notification to the user's mobile phone saying that an authentication attempt is taking place, and it can be approved with a single touch or swipe. Loyal I.T. Solutions does not recommend single push notifications, as unsolicited sign-in requests could inadvertently be accepted.
Multi Factor Authentication (MFA)
MFA is an authentication method that requires the user to provide two or more verification factors to gain access to a resource such as an application, online account, or a VPN. MFA is set up using three standard rules, which are:
- Something you know (e.g. your username and a password) and/or
- Something you have (a physical device, e.g. your mobile phone, ATM card, key fob) and/or
- Something you are (e.g. fingerprint, iris or face).
This additional layer or two of protection is recommended for highly sensitive material, and meets standards as required for Cyber Security Insurance.
For more information on factor protection for your Microsoft account, please visit cyber.gov.au and follow their handy instructions, making sure that you select the most secure form of notification. If you wish for help in setting up your organisation for authentication, contact Loyal I.T. Solutions on 02 4337 0700.