Introducing and Enforcing MFA

Cybercriminals are becoming proficient at accessing your credentials, so it’s critical to enable and ensure all of your users are using MFA. It's never 100%, nothing is when it comes to Security, but having the basics in place is one more step an attacker needs to overcome.?

MFA is also known as 2 step verification, and it can be a password, security token or biometric verification. These are some of the more popular methods, and you will recognise Microsoft Authenticator and Google Authenticator as some of these methods?

Consequently, if attackers breach one security layer, they’ll still have to do a lot of digging to access your information allowing you more time to identify and potentially stop the attack.?

We recommend all accounts, where it is supported, are protected with multi-factor authentication as standard. Without it, it could leave the business at greater risk of falling victim to a breach.?

If MFA is enabled, it can reduce fraudulent sign-in attempts by a staggering 99.9%.?

Number matching has been in public preview for MFA since November 2021, and almost 10,000 enterprises are already using it daily. It is also the default experience for password-less phone sign-ins using Microsoft Authenticator or Google SmartLock.?

The best and most secure form of MFA is the security key.??

The security key, being a separate device altogether, won’t leave your accounts unprotected in the event of a mobile phone being lost or stolen. Both the SMS-based and app-based versions would leave your accounts at risk in this scenario.??

The SMS-based is actually the least secure because there is malware out there now that can clone a SIM card, which would allow a hacker to get those MFA text messages.?

A Google study looked at the effectiveness of these three methods of MFA at blocking three different types of attacks. The security key was the most secure overall.??

Percentage of attacks blocked:?

• SMS-based: between 76 - 100%??
• On-device app prompt: between 90 - 100%??
• Security key: 100% for all three attack types?

If you want to learn more useful tips and hits to improve your cyber security, check out our full blog linked below.