Improve Account Security by Enabling Multifactor Authentication
Tuesday, May 17th, 2022This month, the Cybersecurity and Infrastructure Security Agency (CISA) launched an initiative called MFA May to encourage individuals and businesses to enable multifactor authentication for their accounts. This article defines multifactor authentication and explains why organizations should implement it to improve the security of their accounts.
What is Multifactor Authentication?
Multifactor authentication requires users to present two or more credentials to log in to their accounts. Multifactor authentication is sometimes called two-factor authentication for this reason. The first factor required is a typical username and password. The second factor is usually a code contained within a text, email, or push notification. The user must enter this numerical code to confirm that they are logging into the account. Sometimes an authenticator application is used to generate the code. Instead of a numerical code, the second factor could be a biometric marker like a thumbprint scan.
By requiring a second piece of information to log in to an account, multifactor authentication increases the security of accounts. Even if a hacker gets ahold of your password, they will be unable to log in to an account without the second piece of authentication.
How Multifactor Authentication can Stop Cybercriminals
As you can tell, multifactor authentication is an effective tool for limiting account access. A study by Microsoft found that users who enable multifactor authentication for their accounts will block 99 percent of automated attacks.
It is easier than ever before for hackers to acquire users’ passwords. Data breaches compromise millions of account credentials each year, which can be purchased on the dark web for pennies. Hackers can also use dictionary attacks to guess simple passwords using computer technology. Lastly, users may unwittingly hand over their credentials to a malicious actor during a phishing attack.
However, administrators can stop these attacks by enabling multifactor authentication. Even if a hacker knows your password, they will be unable to access your account without that second piece of information.
How to Enable Multifactor Authentication
Many vendors now offer multifactor authentication. We recommend enabling it as often as possible, especially for sensitive accounts like email, financial accounts, and medical records.
LuxSci has offered options for multifactor authentication to our users for over a decade. Users have the flexibility to choose the second option for authentication. They can choose to send a token to an alternate email address or enable a third-party app like DuoSecurity or Google authenticator to validate their identities. Please contact our support team to learn more about enabling multifactor authentication on your LuxSci account.
Conclusion: Why Use Multifactor Authentication
Cyber threats are increasing across all industries. Although HIPAA does not yet require users to implement multifactor authentication, security experts strongly recommend it. Enabling multifactor authentication is an inexpensive and effective way to improve your security posture. Although users may object to the extra step, enforcing multifactor authentication as an administrator is a smart move.
Can I block this one IP that is scanning our accounts? Can I restrict my account so that people can only access it from our office network, or require that they authenticate to WebMail first (using two-factor authentication)?
