It's time to enable Two-Factor Authentication on everything

Stop 99% of account hacks with this one move.

Two-Factor Authentication (2FA) utilises time-sensitive token generators, or passcodes, to help prevent identity theft and data loss. It's one of the best ways to prevent unauthorised access to your accounts, even when a password is compromised.

There are still many organisations that have yet to activate 2FA/MFA on their accounts, despite the best efforts and warnings from the security and IT community. Tens of thousands of Australian businesses are still vulnerable.

A quick recap of what 2FA/MFA is and its benefits:

  • Two-Factor Authentication (2FA) is a type of authentication that requires two steps, e.g. a password and a one-time code sent via SMS.

  • Multi-Factor Authentication (MFA) is a type of authentication that requires two or more factors of authentication.

  • 2FA and MFA both point to the same thing: ensuring multiple security steps are in place to make unauthorised access to an account harder.

  • An account is more than 99.9% less likely to be compromised if you have MFA enabled.

  • 2FA and MFA can slow down hackers as they attempt to move through your accounts or systems.

  • Both 2FA and MFA are easy and low-to-no-cost to implement in your organisation.

Two-Factor Authentication is easier than you think

According to the SANS Software Security Institute, there are two common roadblocks to adopting 2FA or MFA implementations today:

  1. A misconception that 2FA/MFA requires external hardware devices

  2. Concern about potential user disruption or concern over what may break


Two-Factor Authentication doesn't require external hardware, nor does it have to cause disruption to your business operations. What does cause disruption is losing access to your most important accounts, data or systems.

At ShadowSafe, we recommend apps such as Microsoft Authenticator and Authy for enabling two-factor authentication. Time-sensitive app-generated codes offer good protection. SMS-generated codes, while SIM-swapping poses a small risk, are better than having no protection at all.

Identify which accounts to use 2FA/MFA

As a general rule, we recommend enabling SMS Two-Factor Authentication on all essential accounts where possible. Depending on the size of your organisation, you may want to have a dedicated phone number for specific codes, or allocate numbers based on organisational roles.

For highly critical accounts with administrative-level access, we recommend Two-Factor or Multi-Factor Authentication that requires an app-generated code.

Book a Call with ShadowSafe

Talk to our team to get guidance and support with implementing Two-Factor or Multi-Factor authentication across your organisation. We offer this as a service to all our existing cyber-security and managed IT customers.

Don't have a managed IT support team or cyber-security experts in your corner? We'd love to connect with you and help your business grow securely online.

Book A Call with James Bartrop and the team at ShadowSafe.
