Securing your RIA includes a lot of small (but important) steps and multi factor authentication (MFA) is one of them. Security attacks that target weak or compromised login credentials are becoming more common and pose significant risk to many businesses. Without MFA, a single phishing attack could give hackers access to a remarkable amount of data that could take you many months to recover from.
MFA gives you better security than even the most complex passwords and if you’re using Microsoft to run your RIA, you likely already have the tools you need to configure it company-wide.
What is multi factor authentication?
In a nutshell, MFA creates a process that requires users to confirm their identity twice during their sign in. Typically, the first confirmation is their password. The second prompt could be a code sent to a phone or key fob, or a fingerprint or face scan. Without both, access is not granted. You have multiple choices for a second verification process including SMS, voice messages, or apps like Microsoft Authenticator.
Why should you enable multi factor authentication at your RIA?
MFA is a proven way to protect accounts, passwords aren’t
- Weak passwords and password re-use continue to be a threat despite attempts to warn and educate users. Learn more about the problem in a SANS study “Bye Bye Passwords: New Ways to Authenticate”.
- Greater risk comes when users re-use a password on a third-party app or site. If that site is breached and credentials are stolen which match credentials used on your network, hackers can gain access.
- Even long, complex, or phrase-based passwords are a risk. Passwords are broken using attacks like credential stuffing, phishing, keystroke logging, local discovery, and extortion – none of which are stopped by the complexity of your password.
- Microsoft reports that 99.9% of account compromise attacks can be blocked with MFA
MFA is part of what you already pay for from Microsoft
- MFA is part of Microsoft Azure but needs to be configured to your specific needs. Check out the Azure MFA Adoption Kit on their website.
- Microsoft lets you adjust the requirements for MFA use – from requiring all users to register for it to just administrators or for certain access
- Start by reviewing the default MFA settings and adjusting from there to meet your specific needs and compliance requirements.
- You can enable all your users at once or phase it in
- Passwordless authentication is also available from Microsoft
Secure login from different devices and locations
- MFA and single sign-on (SSO) work hand in hand and let your users access the applications with a single, verified login
- The SSO process minimizes the number of passwords and login credentials users need to remember
- Microsoft’s SSO includes thousands of third-party SaaS applications which can be linked to your user accounts
- You can create different user scenarios to define how SSO is used to access different apps and data
MFA still has risks
One of the reasons MFA stops most attacks is because hacking that second authentication step is a lot of work and more complicated than the simpler scams – which are often successful. Because they have a system that works, they generally don’t invest in developing a scam or the tech needed to compromise an MFA account. In fact, Microsoft reports that the rate of compromise of accounts using any type of MFA is less than 0.1% of the general population. Once MFA is used more broadly by the general population, hackers might further develop strategies to get past it.
Channel jacking and real-time phishing are two ways hackers get past the security of MFA. You can read more about both of these in the blog All your creds belong to us!