Theft of login credentials spiked to an all-time high recently. Credential theft claims responsibility for more data breaches than any other type of attack. Multi-factor authentication (MFA) blocks 99.9% of credential theft attempts, but never gets used as much as it should.
Data and business processes frequently use cloud-based storage and apps these days. User passwords offer the easiest, quickest method to perform multiple types of sensitive activities.
Criminals who log in as users, especially users with admin privileges, promptly send out phishing emails from your company’s account to staff and clients. These sorts of hackers also infect your cloud data with ransomware, demanding thousands of dollars from your business to regain access.
Using the best proven protection method for online accounts, data, and business processes has become vital to keeping up in today’s marketplace. MFA offers maximum security to accounts and business data.
Even if a would be criminal grabbed legitimate user credentials to log in, MFA provides significant barriers. When a user logs in, MFA sends a one use code to a particular device or alternate email. The user must enter that code in addition to their regular username and password. Cybercriminals usually don’t have access to that device or alternate email required to complete the authentication process.
Recycling cell phone numbers can easily damage that security, so find out how to safeguard reusing cell phone numbers to avoid those security problems.
The Three Main Types of MFA
When implementing multi-factor authentication, comparing the three main types of MFA helps get the best one for your company. Don’t assume all methods are the same. Key differences make some more convenient and some more secure.
Let’s analyze at what those three methods are:
Most people are familiar with SMS-based multi-factor authentication. The user enters their credentials, and the program sends a one off, time sensitive code to their preset texting number.
During setup for this type of MFA, the user must enter their mobile number. Changing that number often requires a number of authentication steps, so it’s important to change prior to disconnecting the old number.
On-Device App Prompt
The next type of MFA uses special apps to push the code through to the user. The one off time sensitive code still generates at the login attempt, but instead of receiving it as a text the code comes through the app instead.
Using app prompts allows the push notification to come through either a mobile or a desktop app, making it a good choice for companies that don’t provide mobile phones to their users.
Security Key Method
The third key method of MFA involves using a separate security key that you can insert into a PC or mobile device to authenticate the login. The key itself is purchased at the time the MFA solution is set up and will be the thing that receives the authentication code and implements it automatically.
Separate security keys offer one of the highest levels of security so long as the key is kept track of. Security keys get purchased at the time of MFA setup for this method. The key is usually smaller than a USB drive, and the user plugs the key into any system they wish to log in through. The key is what receives and automatically implements the MFA code.
Now, let’s look at the convenience vs security between these three methods.
Most Convenient MFA?
Team members often get frustrated by MFA, feeling as though it slows them down. Frustration increases when they must learn a new app or remember to keep track of a tiny security key. When (not if) they misplace that key, tension spikes through the roof.
Employee pushback sometimes makes companies avoid MFA protection, because what good is a security system nobody wants to use?
The best solution then generally means SMS-based multi-factor authentication. Most people are already accustomed to text messages, there’s no new interface to learn, app to install, or tiny bit of hardware to lose behind the desk.
Most Secure MFA?
When your company handles sensitive data within a cloud platform, say online accounting solutions, then security trumps convenience.
Security keys offer the most secure form of multi-factor authentication
Given that security keys are separate devices, your accounts don’t dangle in the wind if a mobile phone is stolen or lost. Both SMS and app based MFAs leave accounts vulnerable in this case, while security keys don’t.
Security keys are also much easier to obtain from an employee who is moving on for whatever reason, without risking conflict over the employee’s mobile device. People get quite attached to their phones and tablets, especially when the company doesn’t provide them.
SMS-based offers the least security because malware can clone SIM cards, sending all text messages to a third party. While the actual owner of the smartphone believes they’re going on business as usual, they don’t know all their data is being sent to two locations instead of one.
A Google study studied the effects of these three types of multi-factor authentication when blocking three different methods of attack. The security key offered the highest overall security.
Percentage of attacks defeated:
- SMS-based: between 76 – 100%
- On-device app prompt: between 90 – 100%
- Security key: 100% for all three attack types
What About That Third Option?
Where does the app with an on-device prompt fall? In between the other two MFA methods, offering a hybrid of security and convenience.
An MFA application delivering a code via push notification is more secure than text message based MFA. It’s more convenient than carrying an extra security key that falls behind the counter. It’s also easy to delete off an employee’s device if and when that employee moves on.
Why Are You Talking About This? Don’t You Just Do Phones?
Here at NoContractVoIP, we believe that your success is our success. To get the latest helpful content delivered to your inbox every month, subscribe to our newsletter here.
Looking for the finest stress-free custom business telephone systems? Contact us or call today at 866-550-0005!