By Rajat Bhargava Posted May 23, 2017
Identity theft is one of the most difficult problems to address. There are more online user accounts per person than ever before. All of those user accounts translate to more opportunities for account compromises. Even if the accounts are personal accounts, they pose a risk to your organization due to password reuse. All of these online accounts are causing significant security issues for IT admins.
The one essential security measure that they are taking to prevent online account theft is multi-factor authentication (MFA).
Understanding Multi-Factor Authentication
Often referred to as two-factor authentication, MFA is a critical and important tool in the fight against identity theft. Multi-factor authentication adds a second factor to the login process. Users now must enter a token or code that is generated on their smartphone via an app such as Google Authenticator. The code is a randomly generated number that is tied to the system or application that the user is logging into. This forces the user to have something in addition to the password (which is something that they know).
Compromising Security Via Passwords
The reason that MFA is so powerful is that passwords are being compromised in droves. Even strong passwords can be hacked because users often will reuse passwords. A compromised site’s usernames and passwords are leveraged throughout the Internet to see if there are matches. Let’s say that the site that has been compromised is personally used by the individual. Those user accounts could still be leveraged on your business related accounts. That’s a massive risk for organizations and a headache for IT admins.
Implementing MFA Is An Essential Security Measure
Ultimately, there are two paths for IT to solve this issue. One is to train your users to leverage unique passwords on each site and to also use complex and long passwords. This is a lot of trust to be placing with your users. Many users will comply, but some will not. Those that don’t are the weakest link to your organization’s IT network. Having good password hygiene is an important security training item. Many IT admins aren’t just relying on their users. They are also implementing the second option to address identity theft: multi-factor authentication. MFA is a significant step-up in security.
Exploring System-Level MFA And Application-Level MFA
MFA capabilities can be enabled at the system level and the application level. Both are powerful security measures with relatively minimal overhead for the user. System-level MFA adds a code to the laptop or desktop login. In addition to their password, an MFA code is required at boot up.
For application-level MFA, a code is required when logging into the application. This level of 2FA is critical for core applications such as Google Apps and Office 365. Both of those platforms are a conduit to the user’s email, which is subsequently a conduit to just about all of the other accounts a user has.
Application-level MFA can become tedious if a user has a number of applications. Often, IT simplifies this by leveraging MFA with a single sign-on solution. The user logs into the user console for the SSO solution with 2FA and then makes their way to the application. Both paths are essential security measures for IT.
Leveraging Multi-Factor Authentication With JumpCloud®
If you would like to learn more about how to leverage multi-factor authentication at the system and/or the application level, drop us a note. JumpCloud’s Directory-as-a-Service® functionality supports multi-factor authentication for Mac and Linux devices as well as on the user console for single sign-on support.
You are welcome to sign-up for a free account. Your first 10 users are free forever.