What is Multi-Factor Authentication? Why do you need MFA for your small business?
What is Multi-Factor Authentication?
Multi-factor authentication, also known as MFA, adds another layer of security to an account. Instead of only entering a password to access an account, you also have to authenticate with a code or text from your phone or with a security key.
MFA is the best way to secure key business accounts from hackers. If a hacker already knows your email address, they only have to hack your password. With MFA, they also have to hack something else to gain access. I recommend MFA particularly on Facebook and Instagram accounts, as there has been a huge increase in hacking on those two in the last year.
Insurance companies are asking businesses if they have implemented MFA on key accounts (like email, banking, website) as part of insurance renewal. If you haven’t implemented MFA, your business insurance probably won’t cover you if those accounts get hacked.
Three different kinds of MFA
There are three different kinds of MFA:
- simple text message code to your smartphone (okay security)
- authentication code from an authenticator app (better security)
- authentication code from a security key (best security)
You’ve probably already used the text message code to your smartphone. A lot of banks and credit unions already require this kind of authentication. It’s okay security. Smartphones have been hacked and hijacked to get around this measure.
Authenticator Apps provide better security. You can install the app on your smartphone (great if you’re on the go) or use a desktop application. Google Authenticator and Microsoft Authenticator are the two most common. Those apps are free.
If you have staff, it’s best to standardize which authenticator app you will use. It’s easier and cheaper to support only one app. If you’re securing business email accounts, do you want staff to use their own personal phones? Or a desktop app on your business equipment?
Besides those decisions, you also need to back up the authentication app. For some bizarre reason, the Microsoft Authenticator app requires a personal Microsoft account (think @outlook.com or @hotmail.com) instead of a business Microsoft account. Phones can get lost or upgraded. You need to know how to move the authentication app to another device.
Authentication apps are better security but not hacker-proof. The recent Uber hack came about when a hacker successfully convinced an employee to authenticate the hacking attempt.
Security keys like Yubikey provide the most security but can be the most complex to set up. Keys are also the most expensive security solution.
Before implementing security keys, you have to ask yourself: is the value of what you’re protecting worth this cost? Are you (or any of your staff) prone to losing little bitty tech pieces?
Prices start from $50 USD for a single key. In case you lose the key, Yubikey recommends you buy a second one.
Why do the prices range? It depends on what devices you use the key with. Most keys come with NFC (near-field communication) to connect to your smartphone. Most keys come with some version of a USB connector for your computer. Yubikey has a cool quiz to help you select the kind you need.