As an IT administrator, one thing I often hear is people questioning the need for Multifactor Authentication (MFA) when logging into various applications. People say it takes longer to log in, it can be complicated, and heaven forbid you get a new phone. I’ll let you in on a little secret: IT professionals don’t like doing it either. So, what’s the deal? Is MFA really that important?
The short answer? Yes. It really is that important.
MFA is an additional layer of security that goes beyond using a password alone. Often this will require you to enter a 6-digit code after entering your password. This code can come from an email or a text message, but the consensus is that using an authenticator app (e.g., Microsoft Authenticator or Google Authenticator) is the most secure. Emails and text messages can easily be hacked; authenticators, not so much. Each authenticator is different, but generally a login will accept codes only from the device that was set up for it. Even if you get a new phone and install the authenticator on it, the login will not accept codes from it. You must reset your MFA to use the new phone. This extra step has prevented countless attacks from reaching fruition. It’s not perfect, but it’s infinitely better than not using it at all.
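Why codes from a freshly installed authenticator are rejected, shown as an added example (not code from this article or from any vendor): it assumes the app generates time-based one-time passwords per RFC 6238 (TOTP), where the 6-digit code is derived from a secret shared with the server at enrollment. The function names and the `demo` scenario are hypothetical.

```python
import base64, hashlib, hmac, secrets, struct

STEP = 30      # seconds each code is valid for (RFC 6238 default)
DIGITS = 6     # the 6-digit code the user types in

def new_enrollment_secret() -> str:
    """Random secret created at enrollment and shared once with the app (usually via QR code)."""
    return base64.b32encode(secrets.token_bytes(20)).decode()

def totp(secret_b32: str, unix_time: int) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the 30-second counter, then dynamic truncation."""
    key = base64.b32decode(secret_b32)
    counter = struct.pack(">Q", unix_time // STEP)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def verify(server_secret: str, submitted: str, unix_time: int, drift_steps: int = 1) -> bool:
    """Server side: accept the current step or one step either side to tolerate clock drift."""
    ok = False
    for step in range(-drift_steps, drift_steps + 1):
        expected = totp(server_secret, unix_time + step * STEP)
        ok |= hmac.compare_digest(expected, submitted)  # constant-time comparison
    return ok

# Published RFC 6238 test key (ASCII "12345678901234567890"), base32-encoded.
RFC_KEY = base64.b32encode(b"12345678901234567890").decode()

def demo(now: int = 1_700_000_000) -> dict:
    """Constructed scenario: one enrolled phone, one new phone that was never registered."""
    enrolled = new_enrollment_secret()    # held by the server and the old phone
    new_phone = new_enrollment_secret()   # fresh install: a secret the server has never seen
    return {
        "old_phone_accepted": verify(enrolled, totp(enrolled, now), now),
        "new_phone_accepted": verify(enrolled, totp(new_phone, now), now),
        "stale_code_accepted": verify(enrolled, totp(enrolled, now - 300), now),
    }

if __name__ == "__main__":
    print(demo())
```

Resetting MFA replaces the secret stored on the server with one shared with the new phone, which is why the reset step cannot be skipped.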
To give you a real-world example, in 2022, Medibank, an Australian private health insurance provider, was hacked. The attackers were able to get into its systems using stolen credentials they got from an IT contractor who had saved the login in his personal computer’s internet browser. They used these credentials to successfully access critical systems since Medibank failed to enforce MFA on these servers. As a result, the attackers were able to access data from 9.7 million customers. Had the provider enforced MFA, the attackers wouldn’t have been able to get in.
Think about all the customer data that your company houses. Think about all the trust you’d lose if that data were breached. A little bit of inconvenience goes a long way in protecting this data. Even if you use secure passwords, all it takes is falling victim to one phishing scam (a remarkably easy thing to do), and your password is stolen. MFA provides an additional barrier so that even if this happens, your account is protected.
Multifactor authentication is annoying and inconvenient, but it’s precisely these qualities that make it so useful. It’s this extra step that foils many hackers’ attempts at compromising your system, and it is thus a necessary brick in the overall security plan.




