Microsoft engineers said that’s around 1.2 million accounts being compromised every month.
So how do you increase your business cyber security?
By James Poole – Senior Network Security Engineer
World Password Day
Today is World Password Day, which falls every year on the first Thursday of May and was created to encourage people to strengthen their passwords. Now more than ever, with hundreds of thousands of people working from home and cyber attacks on the rise, we need to encourage a stronger approach to cyber security.
Users still aren’t getting the message: 15% of people use their pets’ names as passwords on their online accounts, according to the National Cyber Security Centre. Family members’ names came a close second, and 6% admitted using ‘password’ as all or part of their password.
Security has never been more crucial, so here are our 3 top tips for a harder-to-hack password:
- Don’t use real words.
- Create longer passwords – Go for a minimum of 10 characters and always use numbers and special characters if they are allowed.
- Always use different passwords for different accounts and use a password manager like 1Password or LastPass so that you don’t lose track.
Increase Your Cyber Security with MFA
Times have changed since World Password Day was created and now, despite many still not using secure passwords, an extra form of cyber security is required.
Two-factor authentication (2FA) or multi-factor authentication (MFA) is used to improve security when accessing systems and services.
MFA is already integrated into many areas of our lives such as paying for your shopping with a credit card and using a PIN code to authenticate the transaction.
There are 3 main types of authentication:
- Something you have – a physical item you carry with you, such as a phone, card or fob.
- Something you know – knowledge that only you have, such as a password, PIN or security question.
- Something you are – your unique biometric information, such as fingerprints, retina, voice or face.
The difference between MFA and 2FA is simple. Two-factor authentication always utilises two of these factors to verify the user’s identity. Multi-factor authentication could involve two of the factors or it could involve all three. “Multi-factor” just means any number of factors greater than one.
The Benefits of using MFA
MFA significantly increases the difficulty for an attacker to compromise an account or system.
Let’s assume an attacker has managed to acquire your username and password (something you know). They would still require the additional authentication that you would physically have with you, whether it’s a code from the app on your phone (something you have) or fingerprint ID (something you are).
The authentication process has progressed significantly since its original implementations. Options such as battery-powered hard tokens displaying a unique code that changes every 30 or 60 seconds, and codes sent by SMS or automated phone call, have been superseded.
Many systems, including Microsoft 365, take advantage of an authenticator app on a mobile phone. When a user tries to access a system, they would be required to access the authenticator app on their phone, generate a one-time code, and then enter this code into the system. The user then simply gets a notification message on their phone with the option to either permit or deny access to the system. This makes for a very simple and user-friendly experience.
Multi Factor Approach to Your Cyber Security
MFA is the step you need to keep your business data, accounts and systems secure, but it’s not a silver bullet.
Hackers are increasingly taking the time to create convincingly accurate phishing pages and e-mails mimicking those of the systems they are trying to compromise.
IT Naturally would recommend a combination of strong passwords, MFA, user security training and other security tools.
Outsource your business IT Infrastructure to IT Naturally where we can show you how to secure your systems in the best way.