Celebrate World Password Day by taking your online security to the next level! Learn why MFA is essential and how you can easily implement it for stronger protection.
Let’s face it, we’re all guilty of bad password security. In fact, the most used password – even today – is ‘123456’. No surprise that when put into a password strength checker this password could be cracked... instantly.
A cybercriminal’s hacking techniques could take only milliseconds to correctly determine today’s most used password. For example, another password that appears on the most common password list is ‘1q2w3e’, a mixture of numbers and letters, which is perceived as more secure. Nope. Cracked in 0.02 seconds.
But what if I add an uppercase letter? 0.08 seconds.
And add a special character like ‘$’? 8.02 seconds.
While the length of time is increasing, 8.02 seconds is not nearly long enough to prevent cybercriminals from easily cracking the password to your business's laptops, accounting software, or social media profiles – and so much more.
What do we recommend? Implementing Multi-Factor Authentication (MFA), also known as Two-Factor Authentication (2FA) or Two-Step Verification (2SV), across all your business systems. This ensures that even if your strong password is compromised, you have another layer of protection blocking cybercriminals from accessing your data.
What is MFA?
MFA is an access management method. On top of requiring a password (the first authentication factor), when using MFA you will be required to provide another form of identification (a second authentication factor) to access your software, hardware, or social media platforms.
MFA is intended to provide a higher degree of assurance of the identity of the individual attempting to gain access to a resource.
MFA is authentication based on the use of at least two different authentication factors:
- Knowledge - Something only the user knows;
- Possession - Something only the user possesses;
- Inherence - Something the user is.
These secondary forms of identification include, but are not limited to:
Inherence Factors:
- Biometrics – Thumb/face scanning.
- Location – Checks the user's location by using an IP (Internet Protocol) address against an authorized location. If the location doesn’t match, another factor of authentication will be required.
Possession Factors:
- SMS or e-mail verification – A one-time code will be sent to the associated phone number or email address of an account.
- Software tokens – Often generated through authenticator apps that produce a one-time code that expires after a set period.
- Hardware tokens – A physical token that produces a one-time code that expires after a set period.
Knowledge Factors:
- PIN or Passcode
- Answer to a security question
Note: If the first authentication factor in the MFA process is a password (also a knowledge factor), then use of a PIN/passcode or security question answer as the second authentication factor is use of the same type of factor twice, which is not considered MFA.
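Authenticator apps and hardware tokens like those listed above commonly generate their codes with the time-based one-time password algorithm (TOTP, RFC 6238). This added Python example, which is not part of the original article, shows how a server checks such a code and why the code stops working once its time window has passed or it has already been used. The 30-second step, 6-digit length, one-step drift allowance and the sample secret are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 30      # seconds each code stays valid (assumed; the RFC 6238 default)
DIGITS = 6     # code length shown by most authenticator apps (assumed)


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC-SHA1 over the counter, dynamically truncated to digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, now: int, step: int = STEP) -> str:
    """RFC 6238: the counter is the number of whole time steps since the epoch."""
    return hotp(secret, now // step)


def verify(secret: bytes, code: str, now: int, last_used: int = -1,
           drift_steps: int = 1, step: int = STEP):
    """Return the matched time step, or None if the code is wrong, expired or replayed.

    drift_steps tolerates small clock skew; last_used is the step of the last
    accepted code, so the same code cannot be accepted twice.
    """
    current = now // step
    for candidate in range(current - drift_steps, current + drift_steps + 1):
        if candidate <= last_used:
            continue
        if hmac.compare_digest(hotp(secret, candidate), code):
            return candidate
    return None


# Constructed sample secret (the published RFC 6238 test key), not a real credential.
SAMPLE_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    issued_at = 59
    code = totp(SAMPLE_SECRET, issued_at)
    print("code:", code)
    print("fresh:", verify(SAMPLE_SECRET, code, issued_at))
    print("replayed:", verify(SAMPLE_SECRET, code, issued_at, last_used=1))
    print("expired:", verify(SAMPLE_SECRET, code, issued_at + 120))
```

A server using this check stores the returned time step per user and passes it back as `last_used` on the next login, so an intercepted code cannot be replayed inside its validity window.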
When should I use MFA?
Ideally, a secondary authentication factor or form should be used for any access to your networks, systems, and online accounts. Users will often choose passwords that are easy to remember but also easy for cybercriminals to crack, re-use passwords across multiple systems and accounts, and change them infrequently. Passwords compromised in data breaches may continue to be used for long periods, leaving your networks, systems, and data vulnerable to unauthorised access and compromise.
That’s why – in honor of World Password Day – VikingCloud has put together the Official MFA Commitment Checklist. If you commit to and repeat the following checklist items 3 times – you’ll be good to go!
All together:
- I will use MFA wherever possible, especially for access to my most sensitive, personal, and business-critical accounts and data.
- I will ensure all business users, including contractors and third parties with access to business networks, systems, or data, whatever level of access they have, use MFA.
- I will use cloud-based services, when possible, as these will often have an option or even a requirement to use a secondary form of identification.
- I will avoid personal and business use of services which do not have an MFA option.
How do I set MFA up?
This is the important part: we’ve compiled a list of commonly used apps, software, and social media platforms and listed the instructions they provide to set up MFA.
Microsoft Products
Microsoft refers to this as two-step verification. You can view how to set this up for your accounts here.
Note: This will apply to all the Microsoft services you use with this specific email address, including laptops that you have set up using a Microsoft email address.
Apple Products
Apple have made 2FA a requirement for certain services they provide such as Apple Pay and signing into an Apple ID.
However, you can update 2FA settings on Mac by reading this.
You can update 2FA settings on Apple iPhones by reading this.
Social Media
Cybercriminals can use your published information on social media to make phishing and Business Email Compromise (BEC) attacks much more convincing - which can easily lead to stolen social media credentials or compromised accounts. This can be prevented by implementing MFA across your social media accounts.
And no business is too small to follow good password practices. Check out how a small business owner who used Instagram as her online shop had her business held hostage with ransom demands that resulted in a 95% drop in sales – nearly costing her eight years of hard work.
You can set up MFA for most, if not all, of the popular social media platforms. Check out how in the following links:
Accounting Software
If your accounting software is compromised, you could lose complete access to all your business financial information, as well as put the stored personal details of employees at risk. Here’s how you can set up MFA for some of the most popular software:
Site Builders and Similar
A cornerstone of any small business is its website. The ability to drive customers to a website and convert them into sales is crucial. Often, as a business owner, you will need to make sure that all the software you use, and the plugins associated with it, are kept up to date to ensure the security of your business. This is, of course, very important. However, setting up MFA on the software you use is just as important. Here’s a look at how you can do this:
Customer Relationship Management (CRM)
A key to a successful business is to successfully manage the relationship with your customers and nurture the sales pipeline. That’s why CRMs such as Salesforce are so important and keeping them safe and secure should be of the utmost importance to you. Here’s a look at how you can do this:
- Salesforce - MFA is a requirement for logging into Salesforce. You can use this link to help configure your MFA settings.
- Monday
- Pipedrive
- SugarCRM
- Zendesk
Conclusion
Setting up MFA (or 2FA or 2SV) for access to all accounts, networks, and systems you use for business (and personal) purposes should be your main priority on World Password Day. Strong passwords are great; in fact, a stronger password will now be required to become PCI DSS compliant under a future-dated requirement of PCI DSS v4.0 (requirement 8.3.6). But no matter how strong a password is, it can still be obtained (although hashed) through a breach. So why not give your business that extra bit of security?
MFA technologies and solutions are constantly changing and improving, including the introduction of behavioral biometrics. VikingCloud will be sure to keep you updated on any new developments and changes in the world of MFA.