By Greg Keller Posted May 24, 2017
Multi-factor authentication (AKA two-factor authentication) is the number one IT security capability that an organization can implement.
That’s a pretty bold statement.
There’s room for argument. But there’s no argument that MFA is a significant step-up in security for any organization. Yes, you could make a case that your firewall, anti-virus, or user management system is the number one security capability. It’s true that you need some of those before you can even get to MFA, but nobody can fairly debate the effectiveness of MFA.
Single Passwords, Double Trouble
In the past, user accounts could be protected with passwords alone. Hackers simply didn’t focus on breaking into user accounts as much back then. Over time, we learned the benefits of having longer and more complex passwords.
Most users realized that their spouse’s name as a password would be easily hacked.
With the advent of better passwords, we also started to see an explosion of online accounts. Every user now has many personal and professional accounts. Remembering all of these passwords started to become impossible. Consequently, we saw users slipping back to using a single password for many of their accounts.
This raised the risk to organizations worldwide. A compromised site that your employee used in their personal life could now impact your business.
Exponentially Grow IT Security With Multi-Factor Authentication
User accounts were now a liability for IT organizations. Of course, users could not do any work without online accounts such as Google Apps or Office 365. A user’s password to these critical services was something that they knew. For example, it may be a word, phrase, sentence, or even a nonsensical grouping of characters. Unfortunately, those passwords could be hacked in any number of ways. As a result, many organizations started to add another ‘factor’ to the login process.
Now, a user not only needed to know their password, but they also needed to provide a token that was generated from something that they had. These tokens are often generated by a smartphone application such as Google Authenticator. This code is then entered upon login in conjunction with the password. A hacker now needed to have the user’s password and smartphone. The chances of that happening were remote at best and as a result, the user account became much more secure.
IT Security Capability for Systems and Applications
We’re going to go out on a limb and say this: if a user account has multi-factor authentication enabled, it is virtually unhackable. In our opinion, MFA/TFA is one of the strongest security measures that an organization can take to protect itself. There are two general methods that IT organizations use to implement 2FA. One is at the system level and the other at the application level.
System-level MFA is applied when you log into your device. A user’s device is their conduit to the network and applications. With MFA set up at that central control point, a user cannot get into the system, which holds data and access to a wide variety of IT systems, without the second factor.
Application-level MFA controls access at the application point of entry. In order for this method to work, every application would need to have MFA implemented, or it would need to be implemented at the central application entry point. Generally, this means a user console inside of a single sign-on application.
One Solution, MFA Two Ways
Both system-level MFA and application-level MFA have pros and cons. JumpCloud’s Directory-as-a-Service® gives you the best of both worlds by implementing system-level MFA for Mac and Linux devices. The JumpCloud® Identity-as-a-Service platform controls access to the user console for SSO via MFA as well. That way, you can implement both levels of multi-factor with one core identity management solution.
Try JumpCloud’s System-Level MFA And Application-Level MFA
If you would like to learn more about how JumpCloud’s Directory-as-a-Service platform supports multi-factor authentication, the number one security capability that you can implement on your network, drop us a note. We’d be happy to talk to you about it and why it is so critical to your IT security. You are invited to try our system-level or application-level MFA capabilities. Your first 10 users are free forever.