By Natalie Bluhm Posted April 19, 2019
According to the 2018 Global Password Security Report, only 45% of organizations are using two-factor authentication (2FA). While this is a significant increase from the 24% who were using it in 2017, it’s still not enough. Let’s take a look at why two-factor authentication matters enough that it warrants every organization using it. First, what is two-factor authentication?
Two-factor Authentication—What is It?
Two-factor authentication is essentially the addition of an extra authentication step when you access a digital asset. When two-factor authentication is enabled, a user has to authenticate to a resource with a password that they know, and something that they have. The something that they have could be one of the following:
- A time-based one-time password (TOTP token) generated from an app on their phone
- A hardware authentication device like a YubiKey
- A code sent via SMS (the least secure option)
So, if a hacker has a set of compromised credentials for a 2FA-enabled account, they won’t get very far unless they also have the phone or hardware authentication device, which is much harder to get their hands on.
So where should you require 2FA? Well, it’s in your best interest to enable two-factor authentication everywhere possible, and depending on your identity provider, it’s not hard to do so. Cloud identity providers in particular make it easy to require 2FA on systems, servers, applications, the identity provider console, and many other areas of your IT environment. Let’s take a look at why you should require it everywhere.
Passwords Aren’t Enough
The main reason why two-factor authentication matters is that a password is no longer strong enough on its own to protect your company’s data. Here are a few statistics as to why:
- 92% of organizations have credentials for sale on the Dark Web
- 61% of people reuse the same or similar password everywhere
- “123456” and “password” were the top two password choices in 2018
- 81% of data breaches have been the result of weak or stolen passwords
These statistics demonstrate that the passwords used to guard your company assets have a good chance of being available on the dark web and that the people choosing them aren’t following secure practices. So it really shouldn’t come as a surprise that stolen or weak passwords are a top cause of data breaches. The good news is two-factor authentication can go a long way in mitigating this risk. Even if a hacker buys credentials from the dark web, they won’t be able to access 2FA-enabled accounts unless they also have the MFA device, whether it’s a phone with an authenticator app or a device like a YubiKey. It’s why 81% of data breaches could have been prevented if 2FA had been enabled.
How to Implement 2FA
Using two-factor authentication across your IT environment isn’t that hard when you have an identity provider in place. If you’re using a legacy identity provider like Microsoft® Active Directory®, for an additional price you can use Active Directory Federation Services (ADFS) to connect to an on-prem Azure® MFA server or a third-party MFA server. If you’re an all-Windows® shop with Active Directory already in place, these options could be a great way to strengthen authentication in your IT environment.
Other organizations use more of a mix of platforms, providers, protocols, and locations, so they are using JumpCloud® Directory-as-a-Service®, a cloud-based identity provider that supports a wide variety of IT resources. In this case, 2FA is included at no additional cost. IT admins can centrally enforce 2FA across their Mac® and Linux® endpoints and the applications that are accessed via the User Portal. For tightly controlled administrative access, IT professionals can require MFA on the JumpCloud Admin Console as well.
Of course, centralized multi-factor authentication is just the tip of the iceberg in how JumpCloud can secure and streamline your IT environment. Because you can centralize user access to virtually all of your IT resources, you can achieve widespread visibility and control over your environment while end users gain frictionless access to the digital tools they need to Make Work Happen™.
Would you like to dig deeper into why two-factor authentication matters? Consider starting by expanding your understanding of why identity security matters to begin with. Perhaps centralized 2FA with JumpCloud piqued your interest. If that’s the case, sign up for a free account. The entire platform is available, and your first ten users are free forever. If you need help along the way, drop us a note, browse our Knowledge Base, or view our video tutorial playlist.