By Vince Lujan Posted September 19, 2019
Is your company secure without multi-factor authentication (MFA)? Well, if you’re only leveraging traditional passwords… then probably not.
With so many systems and applications in use today, end users often create simple passwords that are shared across multiple IT resources. Bad actors are well aware of this, which is why compromised user credentials are a common method of attack.
Fortunately, enabling MFA throughout your network is easier than ever before. Let’s take a closer look at how MFA can benefit your organization.
What is Multi-Factor Authentication?
MFA is in effect when users need more than just their username and password to gain access to a particular IT resource (e.g., systems, servers, applications, networks). MFA leverages multiple authentication factors such as passwords, hardware tokens, smartphone apps, biometrics, time, and location.
With MFA for applications enabled, for example, a user would need to input their core credentials in addition to a secure MFA token to authenticate and gain access. As a result, in this use case, a bad actor would need to compromise both the core user identity and a secure MFA token (which is separate from the user identity) to gain access to the user’s apps.
How Secure is MFA?
Many IT admins believe that MFA is the most secure authentication add-on mechanism, and with good reason too. TOTP keys and hardware tokens stop the vast majority of phishing attempts and bot attacks.
Additionally, Symantec argues that 80% of the data breaches in recent years could have been prevented with MFA. So, instead of wondering if your company is secure without MFA, a better question would be how to enable MFA.
How to Enable MFA
While there are plenty of MFA mechanisms available today, most IT organizations leverage the core user identity in addition to a hardware token or smartphone TOTP (time-based one-time password) key as the second factor. For this use case, a user enters their password and a numerical code from a secondary method such as a smartphone app or a hardware token such as a YubiKey.
Historically, this type of setup has required a traditional directory services platform such as Microsoft Active Directory® (AD) or OpenLDAP™ in addition to a third-party MFA add-on provider. Otherwise, sysadmins had to individually enable MFA per user for each of their IT resources – assuming that the IT resource supported MFA – which falls apart as an organization grows.
The good news is that there is now another option. Through JumpCloud® Directory-as-a-Service®, MFA functionality can be quickly and holistically implemented as a service for systems, servers, applications, and networks.
MFA with JumpCloud
JumpCloud views MFA as a core part of the Directory-as-a-Service platform, rather than another third-party add-on expense. JumpCloud supports MFA through TOTP token generators such as Google Authenticator. The end result is enhanced protection for your modern environment, and it’s all managed from a centralized location in the cloud.