Multi-factor authentication (also called MFA, two-factor authentication, or 2FA) is perhaps the number one security improvement that an IT organization can implement.
We know that’s a pretty bold statement, and there’s definitely room for argument. But there’s no argument that MFA is a significant step up in security for any organization with little to no security measures currently in place.
Yes, you could make a case that your firewall, anti-virus, or user management system is the number one security measure. It’s true that you need some of those before you can even get to MFA, but nobody can debate the effectiveness of MFA. Even Google’s recent study on the effectiveness of MFA shines a bright, positive light on the technology.
Single Passwords, Double Trouble
In the past, passwords were effective at protecting user accounts. With the advent of the Internet, we saw an explosion of online services, and hence more accounts for each person. Every user now has many personal and professional accounts. Remembering all of these passwords started to become impossible. Consequently, we saw users slipping back to using a single password for many of their accounts, including their personal ones. As a result, this raised the risk to organizations worldwide. A compromised site that your employee used in their personal life could now impact your business.
By necessity, we needed a better approach to passwords. We now know the benefits of having longer and even more complex passwords, although the National Institute of Standards and Technology (NIST) now focuses its guidance on length. We also saw the introduction of password management systems to help address this problem of too many passwords.
Exponentially Grow Security With Multi-Factor Authentication
Although long, complex passwords help stem the issue, they can still be compromised with relative ease. That’s why we’re going to go out on a limb to say: if a user account has multi-factor authentication enabled, it is virtually unhackable. MFA is one of the strongest security measures that an organization can take to protect itself.
MFA relies on the use of unique tokens as an additional authentication factor. These can be generated by a smartphone application such as Google Authenticator, or exist in the form of a physical Universal 2nd Factor (U2F) key. This factor is then offered upon login in conjunction with the password.
Now, hackers need to have the user’s smartphone or U2F key on top of their username and password. The chances of that happening are remote at best and as a result, the user account is much more secure.
There are two general methods that IT organizations use to implement 2FA. One is at the system level and the other at the application level.
System-level MFA is implemented when you log into your Windows®, Mac®, or Linux® device. A user’s device is their gateway to the network and applications. By setting up MFA at that central control point, someone other than the user cannot get into the system, which holds data and has access to a wide variety of IT systems.
Application-level MFA controls access at the application point of entry (web app, legacy app, or even a network connection, such as a VPN application). In order for this method to work, every application would need to have MFA implemented, or it would need to be implemented at the central application entry point. Generally, this means a user console inside of a single sign-on application.
One Solution, MFA Two Ways
Both system-level MFA and application-level MFA have benefits. JumpCloud® Directory-as-a-Service® gives you the best of both worlds by implementing system-level MFA for Mac, Windows, and Linux devices. The JumpCloud Identity-as-a-Service platform controls access to the User Portal for SSO via MFA as well.
Further, through RADIUS MFA, when users log in to their VPN, they can be prompted for their MFA code as well. That way, you can implement both levels of multi-factor with one core identity management solution.
Try JumpCloud’s System-Level and Application-Level MFA
To learn more about how JumpCloud’s Directory-as-a-Service platform is supporting the number one security capability that you can implement on your network – multi-factor auth / 2FA, drop us a note. We are happy to talk to you about it and why it is so critical to your online security.
You can try our system-level or application-level MFA capabilities absolutely free. Your first 10 users and systems are free forever with 10 days of 24×7 premium chat within the platform to get help with what you need.