Expanded Definition: Multi-factor Authentication

What is multi-factor authentication?

Have you ever been prompted by a website or app to enter an SMS code along with your password in order to log into your account? If so, you’ve used multi-factor authentication (MFA), a popular technique to strengthen a user’s login credentials and reduce the likelihood of an account being hacked.

The above example is also sometimes referred to as two-factor authentication (2FA), a subset of MFA, since it involves a combination of two verification factors.

Multi-factor authentication can require two or more of the following authentication methods:

  • Something the user knows, such as a password, PIN, or answer to a security question.
  • Something the user has, such as a code from an SMS text message, a code from an authenticator app, or a hardware token.
  • Something the user is, such as a fingerprint, photo of their face, or voice recording.

The use of multi-factor authentication has grown in recent years as cybersecurity attacks have become increasingly prevalent. Passwords, especially those for users with privileged access, are a target for hackers because they can access a wealth of information with just one credential. And when passwords become exposed, organizations become vulnerable to bad actors such as hackers. In fact, according to Verizon’s Data Breach Investigations Report, more than 80% of hacking-related data breaches occur due to exposed passwords.

There are a wide range of attack vectors that threat actors can use in an attempt to compromise passwords and gain account access, including:

  • Phishing
  • Credential stuffing
  • Web app attacks
  • Malware
  • Malicious insiders
  • And more

MFA is a simple way to thwart a wide range of fraudulent login attempts: Microsoft sees over 300 million illicit sign-in attempts to their cloud services every day, and they have found that multi-factor authentication prevents 99.9% of these attacks.

With multi-factor authentication, the extra couple minutes spent during daily logins will more than make up for the time (and money) organizations could lose in a data compromise stemming from a hacked account.

The MSP role in multi-factor authentication

As the number of cyber attack attempts continues to rise, MSPs must do everything in their power to keep businesses’ and users’ data as protected as possible. In addition to requiring your own MSP employees to use multi-factor authentication, helping your clients increase their credential security is often part of an MSP’s role.

Implementing multi-factor authentication & other credential protection tools

Include MFA in the tools and services your MSP offers. MSPs are often involved with security-related activities such as resetting and recovering passwords. If that’s the case for your MSP business, ensure that each of your clients understands the benefits of MFA and enforces it across the board.

To streamline login security for your own technicians and end users alike, you might also consider using a secure remote access solution that includes multi-factor authentication, IP login restrictions, and session timeout features all in one package.

Managing and monitoring assets

Even with MFA in place, sometimes a bad actor makes it through. Laptops, mobile phones, and other Internet-connected devices can become compromised. That’s why all devices must be continuously monitored in order to detect any threats that find a way to make it past even the best credential defenses.

Devices that are totally unmonitored are especially dangerous, as issues can go undetected for long periods of time and companies can become compromised without even realizing it. 

To safeguard unmonitored endpoints which may be running outdated or unsecure software, MSPs can enhance cybersecurity efforts through IT discovery and asset management. This can include:

Continuously monitoring and managing endpoints will allow your MSP business to identify problems as soon as possible and reduce the risk of an outdated device allowing hackers to enter the network. This practice is especially important for MSPs today as work-from-home and bring-your-own-device-policies become more prevalent.

Did you know?

74% of security and risk managers plan to increase their investment in multi-factor authentication.

Additional resources

blog icon Security Spotlight: Two-Factor Authentication in Remote Support

Two-factor authentication (2FA), the most basic type of multi-factor authentication, is still significantly more secure than the traditional username + password combo. Find out how to implement 2FA to increase security and prevent data loss.

Blog post >>
toolbox icon ConnectWise Cybersecurity Starter Kit

Want to get started selling cybersecurity? We’ve put together a kit to help. Download the kit today for helpful resources that will transform your business from an MSP to an MSP+ model, including educational information for your SMB customers, templates, and more.

Kit >>
work plan icon The SMB Cybersecurity Checklist

How secure are your SMB clients? Chances are, they may not fully understand their risks and exposures. Use this 30-item checklist to start the conversation around cybersecurity, help them understand the cybersecurity landscape, and assess their security postures

Checklist >>
Creating Opportunity from Adversity: The State of SMB Cybersecurity in 2020

SMBs are not immune from cybersecurity risks—quite the contrary. Our 2020 survey of 700 SMB decision makers uncovered interesting findings about how these businesses are thinking about cybersecurity, their spending plans, and what motivates them when it comes to security.

Report >>
ebook icon The Security Journey Self Assessment

Wondering where you stand in your cybersecurity journey? Take this assessment to understand how advanced your cybersecurity knowledge is and to identify areas where you can expand upon your understanding of key cybersecurity concepts and precautions.

eBook >>
blog icon Are Your Credentials on the Dark Web?

As threat actors continue to become more sophisticated in their ability to expose user credentials, implementing multiple layers of security is a must. Read this blog to learn four straightforward methods you can use to protect your business and your clients’ information.

Blog post >>