You May Also Like
What Are Data Leaks?
Data leaks occur when sensitive data is unintentionally exposed from within an organization. Data leaks can refer to both the leakage of digital data, meaning anything that can be transmitted through the internet, as well as...
3 MIN READ
Published on October 27, 2022
Published on October 27, 2022
Written by Craig Lurey
A weak password can easily become compromised by a cyberattacker, but employing multi-factor authentication (MFA) can stop a cyberattacker in their tracks. MFA is recommended as a best practice by the US National Institute of Standards and Technology (NIST) to reduce risk.
Learn more about MFA and how it can protect your company from cyberattacks.
What is Multi-Factor Authentication?
Multi-Factor Authentication (MFA) is an authentication method where the user is granted access to a website, application or platform only after providing multiple verification factors that validate their identity.
An MFA solution only gives users access after the user provides multiple verification factors. These verification factors can be:
- Something you are — Biometrics authentication uses a fingerprint or iris scan, facial recognition or another unique physical trait to identify the user.
- Something you have — An authentication app, such as Microsoft Authenticator or Google Authenticator, provides the user with a One-Time Password (OTP) code to input into the application to verify their identity.
- Something you know — Security questions make it difficult for attackers to bypass MFA authentication since the answers contain personal information that only the authorized user is privy to.
A real-world example of Two-Factor Authentication (2FA) in action happens every time you take money out of an ATM. You must insert your bank card (something you have) and input your PIN (something you know).
Why Your Organization Should Use 2FA/MFA
Enabling two-factor or multi-factor authentication is a simple way to keep your data protected and prevent cyberattacks. MFA can block over 99.9% of account compromise attacks, according to a Microsoft report.
Employing 2FA/MFA helps prevent unauthorized users from accessing your network—but it also offers additional advantages. Below are some of the benefits of multi-factor authentication.
Provides Additional Protection
In 2021, two billion records containing usernames and passwords were compromised— a 35% increase over 2020, according to the 2022 ForgeRock Consumer Breach Report.
MFA enhances protection and prevents unauthorized attackers from accessing your network. Users can enable MFA after making an account with a site or application. In addition to logging into the account, a second verification method is required. For example, users can choose to:
- Confirm the login through an authenticator app available on their mobile phone.
- Enter a numerical code delivered to the user’s email address or mobile device.
- Answer personal security questions specific to the authorized user.
If the user can verify themselves following the second (or third) authentication method, only then will they gain access to the account, platform or application.
Meets Regulatory Compliances
Employing MFA is an essential requirement for many industry and regulatory compliance standards. For example, the Payment Card Industry Data Security Standard (PCI-DSS) requires MFA to be used to prevent unauthorized users from accessing networks, and two-factor authentication is mandatory when accessing government websites.
Integrates with Single Sign-On (SSO) Solutions
MFA integrates with single sign-on solutions, which allow users to save time while also enhancing security. Rather than having to enter a different password for every application and platform, SSO enables users to sign in just once.
Keeper SSO Connect is a cloud-based solution that seamlessly integrates with existing SAML-based SSO and passwordless solutions like Okta, Microsoft Azure AD and Splunk. Our admin console offers Role-Based Access Controls (RBAC) so IT and security administrators can delegate access to appropriate team members.
Customizable Security
MFA offers several different authentication methods, allowing users to customize their experience. While some users may prefer to use Face ID or fingerprint scanners on their mobile devices, others might prefer to verify their identity through an SMS text message or an app like Google Authenticator.
What Is the Risk of Not Using Multi-Factor Authentication?
In May 2021, Colonial Pipeline suffered a ransomware attack. Cyberattackers used compromised credentials to access the company’s network and held sensitive data hostage, demanding a ransom be paid in exchange for the encrypted files. MFA could have prevented this incident.
MFA can protect against phishing, malicious code, social engineering, DDoS attacks, malicious software and password brute-force attacks, and failing to deploy it can result in compromised data and massive financial losses. The ransomware attack on Colonial Pipeline resulted in the company paying $5 million in bitcoin for a decryption key to retrieve their files.
How Keeper Secures Data with 2FA
Keeper users can enable 2FA/MFA through Keeper’s role-based enforcement policies or configure it directly in their digital vault. The administrator can enforce two-factor authentication to ensure that all systems and data are protected from unauthorized users.
Watch the video below to learn how to enable 2FA/MFA in your Keeper vault.
Refer to our user guide in our documentation portal for more information on setting up two-factor codes in your Keeper records.
