More

More

Multi-Factor Authentication – A Necessity in Today’s World

by Thomas G. Stephens, Jr., CPA, CITP, CGMA | Nov 07, 2019
multi_factor_authentication_concept_blog_horizontal_400x250

From the perspective of data security, today’s world is an extremely dangerous one. It is hard to go a single day without hearing about yet another data breach, a phishing incident, or some other form of security nightmare. Yet, virtually all of us have a simple and highly effective security option available in the form of Multi-Factor Authentication (MFA). In this article, we explore MFA and how and why you should implement it to improve the security of your data and reduce the likelihood that you will become yet another victim.

What Is Multi-Factor Authentication?

MFA is a security protocol that requires you to log-in (authenticate) to a website or application by using more than just your username and password. With MFA in place, you authenticate to a website or other application by using at least two of three of the following characteristics.

  1. Something you know, such as a username/password combination.
  2. Personal characteristics, such as a fingerprint, retina scan, or facial recognition.
  3. An item that you have in your physical possession, such as a key fob or a smartphone.

A common form of MFA in use today begins by entering a username/password combination to log-in to a website. Upon doing so, the user receives a numeric code on their smart phone and, in turn, they also enter that code into the website to complete the process of authenticating to the website. The advantage to MFA in this scenario is that someone attempting to “hack” their way into the user’s website would not only need to know the username/password combination, but they would also need to have the user’s smartphone in their physical possession in order to receive the text message to complete the authentication process. And, while this is not an impossible scenario, it is a far less likely one than the hacker knowing the user’s username and password combination. As a result, the risk of the hacker accessing the user’s account is diminished significantly.

Which Apps and Services Offer Multi-Factor Authentication?

Maybe a better question is which ones don’t, because virtually all websites and applications that provide access to sensitive data today offer some form of MFA. For example, most banking and other financial websites support MFA as a means of making it more difficult for a hacker to gain unauthorized access to an account. Similarly, many accounting applications – both Cloud-based and desktop/server-based – also offer MFA as a means of providing advanced security for the data stored in the database. Many mobile apps also offer MFA as a means enhancing security. Even Windows 10 offers MFA as a security option through its “Windows Hello” feature. With this tool, users can log-in using traditional username/password combinations, PIN codes, fingerprint scans, or facial recognition – or some combination of each of these factors. Further, Windows 10 allows users to “pair” their Bluetooth-enabled smartphones to their computers so that if the smartphone is out-of-range of the PC, the PC automatically enters “locked” status; this particular feature is known as “Device Lock.”

How Do I Activate Multi-Factor Authentication?

Of course, the process for enabling MFA will depend upon the application or service in question. However, in general, it will be necessary for a user with “administrative” rights or privileges to activate MFA for an application or service in use by a business. For example, an Office 365 Administrative user can enable MFA for a single Office 365 user or for all users in an organization. On the other hand, an individual user can enable MFA on their banking website (assuming this feature is offered by their bank) by modifying their settings on the site. Notably, virtually all websites, applications, and services through which sensitive information can be accessed offer some form of MFA today.

What Should I Do if Multi-Factor Authentication is not Available?

If a website, service, or application that you use does not offer MFA, you should contact the publisher to ensure that MF is, indeed, not available. If it is not and you are committed to continue using that website, service, or application, then you should ensure that you adhere to the principles of strong passwords, which include the following:

  • Passwords should be at least twelve alphanumeric characters in length.
  • You should never write your passwords down.
  • Never share your passwords with anyone.
  • Change you passwords immediately if you suspect that they may have been compromised.
  • You should use a separate password for each website, service, or application you access.

From a practical perspective, most individuals simply cannot comply with the guidelines outlined above and, to that end, password management tools such as Roboform, LastPass, KeePass, Dashlane, and Zoho should be used to help manage passwords. (You can access CNET’s best password managers for 2019 by clicking here.) Remember, if the websites, applications, and services you use do not support MFA, the security of your sensitive data will be almost solely determined by the strength and security of your passwords…this is not a time to be lax with your passwords!

Summary

Data security is a top-of-mind concern for all business professionals today. Yet, all too often these same professionals do not take advantage of the tools that are available to them – such as Multi-Factor Authentication – that can strengthen the security of this data. To the extent that you have access to MFA, ensure that you activate this feature everywhere so that you will reduce the chances that you become yet another victim of a data breach. Remember, cyber criminals are always looking for the past of least resistance; enabling MFA will make that path more difficult, if not impossible, for them to travel in order to steal your data.

Stephens_TommyTommy is one of the shareholders in K2 Enterprises, affiliating with the Firm in 2003 and joining as a shareholder in 2007. At K2, Tommy focuses on creating and delivering content and is responsible for many of the Firm's management and marketing functions. Tommy resides in the metro Atlanta area. You may reach him at tommy@k2e.com.

Learn more about this and many other technology topics at the 2019 Technology Conference presented by K2 Enterprises, November 21-22, 2019, at the Lynnwood Convention Center.

You are not allowed to post comments.

ABOUT WSCPA

The Washington Society of Certified Public Accountants is the only organization in the state of Washington dedicated to serving the professional needs of CPAs, educating consumers about CPAs and the services they provide, and encouraging students to study accounting and enter the profession.

Your Profession. Your Future. Your Advocate.

CONTACT

Washington Society of CPAs
902 140th Ave NE
Bellevue, WA 98005-3480

The WSCPA's business hours are 7:30 a.m. to 4:30 p.m., Monday through Friday.