As promised last time, this week's Security Warning Wednesday topic is:
Multi Factor Authentication
Multi Factor Authentication (MFA) is a form of authentication that uses two of these three factors:
- Something you know (password, PIN code)
- Something you have (cell phone, token card, smart card)
- Something you are (fingerprint, retinal scan)
The perfect example of MFA that most people use is a debit card. To use it at an ATM, you must both have the card and know the PIN. MFA has been a staple in enterprise systems for many years and has leaked out into the mainstream in the past few. Large sites like Yahoo, Google and Apple support it. With MFA enabled, if your password is compromised in an attack, you still need to change it, but the odds of your account actually getting compromised are close to nil.
At NeoCloud Consulting we implement MFA for all of our clients' remote access needs. It is not only required for HIPAA compliance but is also an information security best practice. We also recommend that you turn it on for every personal account that supports it. Most people carry their cell phone with them most of the time, which makes it super convenient as well. Here are some links to help you enable MFA for your personal accounts:
- Yahoo: Add two-step verification
- Google: Enable 2-step verification
- Microsoft: Add two-step verification
I did intentionally call all of the "enable" links something slightly different because that is how those particular vendors refer to them. The minor inconvenience of having to use your smartphone to assist in your login is well worth the extra security provided.
If you have any questions or comments, please leave them below.