Picture this: You run an exclusive nightclub with an entrance guarded by a tremendous bouncer. He holds a list of all those allowed entry on those wild Friday dance-off nights. You just walk up, tell him your name – and if you’re on the list, you get in. Cue “Night at the Roxbury” head tilt.
But what if some party crasher figures out who’s on the list and uses their name to get in? Without any way of matching the person to the name, anyone can claim to be anyone if they just know the name. Yeah, you can change the names on the list – but by the time they’re doing the Macarena on the dance floor, it’s too late. Your security has been compromised.
So instead of just knowing the names, you decide to make club patrons verify that they are who they say they are by checking a photo ID on the way in. Aha! Compromising security just got a lot more difficult. Now they first need to know the name, THEN need to prove that they really do match the name.
The first example is what we’d call Single-Factor Authentication, meaning that a single proof is all that’s needed to get you in. The second example is what’s known as Multi-Factor Authentication (MFA), meaning that at least two factors of proof are needed – and in an age of ever-increasing business computerization and networking, multiple factors of authentication are becoming more necessary than ever before.
The National Institute of Standards and Technology defines MFA this way:
“MFA, sometimes referred to as two-factor authentication or 2FA, is a security enhancement that allows you to present two pieces of evidence – your credentials – when logging in to an account. Your credentials fall into any of these three categories: something you know (like a password or PIN), something you have (like a smart card), or something you are (like your fingerprint).”
According to a survey of cybersecurity experts hosted by Google – also cited in the NIST article above – MFA was voted as the 3rd most vital security practice an organization can take, after regularly installing security patches and employing effective password practices (which I’ve written about before). When you consider how disastrous it could be for malicious actors to gain access to your sensitive systems or file repositories, it’s easy to see how requiring a user to prove their identity twice over is a good idea.
And the best part? It doesn’t have to cost an arm and a leg to implement. Many MFA solutions are completely free to use. PC World offers a good list of some of the most well-known free solutions here.
Do your enterprise applications support Multi-Factor Authentication? Many of the most common cloud applications do, like Microsoft Office 365. If you’re interested in that extra layer of security, consider discussing it with your IT team – no need for the Macarena on this dance floor!