The Problem with Passwords and why you need MFA
Compromised passwords are the main way that systems get hacked, yet we tend to rely solely on passwords to protect our data and our business. A common way for passwords to be compromised is through phishing: an email or text purporting to be from someone we know, requesting that we update or change our password to a system we use. Of course, it’s not from the trusted company we think it is; instead it is being used by a criminal to find out your password. It’s a very sneaky method of getting information because it bypasses all the other expensive defences we have in place – antivirus, firewalls etc!
Phishing is an ongoing problem and Google has reported a 350% increase in phishing attacks during the Coronavirus pandemic.
One way to combat it is through education and vigilance – learning how to spot a phishing attempt and not responding to it. This can reduce the risk, but it is not 100% effective. The emails and texts are getting smarter and harder to spot, and even the most vigilant and knowledgeable member of staff can end up falling foul of them, especially when busy or stressed.
What is MFA?
Instead, the best way to combat it is to not rely on passwords alone, but to use Multi-Factor Authentication (MFA) – sometimes known as Two-Factor Authentication (or 2FA). This essentially means it relies on two things – something you know (e.g. your password) and something you have (e.g. your mobile phone). So when you try to log in with your password, a notification is sent to your phone, which you then need to accept. The result? A compromised password is useless to a hacker. Unless they also have the MFA device (i.e. your mobile phone) they cannot gain unauthorised access to your application and data.
MFA has been around for some time – banks in particular have been using it for a number of years. Microsoft is now insisting on it for Office 365. But what about all the other websites and applications we use? What about the logins to our computers? All of these can be protected with Duo.
Google implemented MFA across its organisation (using a USB key instead of a mobile phone) and reduced its breaches owing to phishing attacks to zero! MFA is a proven solution.
The really good thing about Duo is how easy it is for the end user – i.e. you and your employees – to use in their day-to-day work. We have a short video here that shows it working on an RDP connection. We chose Remote Desktop as an example because it is a big security risk – hackers can use brute force to guess an RDP password – and because it is not well catered for by other MFA solutions.
Duo works on a Zero Trust principle and as such can be used not only to provide MFA but also to protect your network from insecure devices – such as unsupported operating systems like Windows 7 or Windows XP, or out-of-date browsers – further protecting your business from a malicious attack. This is even more important in the current environment, where staff are working from home and quite possibly working on their own devices – devices which you have little control over.
The bottom line is you need to stop relying on passwords to provide protection for your systems and data. In the current climate they are just not good enough.
If you are interested in taking the next step and providing your business with the extra security it needs, then contact us today for a chat.