April 13, 2018//Ellen NeveuxLast Updated: April 29, 2020
A classic example of using multi-factor authentication (MFA) is a debit card. Not only do you need the physical card, but you also have to enter a personal identification number (PIN) to use it. A debit card is a basic example of MFA, but MFA should also be used in situations that involve relationships between third-parties and organizations. For both, MFA is great to implement since it is a means of controlling access to a network and keeping sensitive data safe.
What is multi-factor authentication?
According to TechTarget, MFA is a security system that requires two or more methods of authentication from different categories that verify a user’s identity to log in. The purpose of MFA is to have a layered defense that makes it harder for an unauthorized individual to gain access to PII.
Set a protocol in place that uses a confidential, unique, and a multi-factored method for authentication that ensures your assigned technicians–and only your technicians–have remote access to your clients’ networks. There are three common credentials for MFA used to put this protocol into action: what the user knows (a password), what the user has (a security token), and who the user is (a secure biometric verification).
What the user knows
The best passwords are curated with a combination of letters (uppercase and lowercase), numbers, and special characters. This is a great step to take to safeguard sensitive data from those who should not have access to it. Organizations must be aware of this and share this information with vendors and clients. A password should be unique and contain a combination of letters, numbers, and special characters.
According to a consumer account security report by TeleSign, one of the most common and dangerous security mistakes is using the same password across multiple accounts. It can cause a “domino effect,” which allows all accounts with the same password to be breached. The scariest part of this is that 73 percent of online accounts use duplicated passwords. That means if a bad actor can get into one account, they are able to get into other accounts under the same person. Protect yourself and your clients by insisting on unique passwords. Remember: if users are sharing credentials or using less secure means to obtain access they are effectively hacking your network.
What the user has
A security token, or authentication token, is a small device that a person carries with them to authorize their identity—like a keycard. A security token pairs great with a PIN to further verify an identity. A good authentication plan requires that the employee or vendor has two forms of authentication prior to accessing a network.
However, more and more companies are moving away from things like a key fob and are moving to smartphones and mobile devices to confirm an identity. This option offers an SMS text message, phone call, or email sent to the individual’s phone. The message sent contains a unique numerical sequence that will expire after a short period of time. Again, this is a great security protocol since it takes both the phone number and text message to authenticate an identity.
Who the user is
If you’ve ever seen a spy movie, then you have seen biometric verification being used. It’s how the evil overlord gains access to their lair—when they place their palm on a scanner and access is granted. Unsurprisingly, someone who shouldn’t be there enters the lair and shuts down all the evil plans. Biometric verification fails in these movies because it was used as the only factor.
Biometric verification has been popularized since its integration into many smartphones. It can be used for payment options or identity verification and works great when it is paired with a second factor, like a password.
Integrating multi-factor authentication
Looking to create a realistic authentication policy? The first step is to implement MFA in business practices and regulate vendors. Ultimately, ensure that all of your third-party access is controlled by a consistent formula for reliable identification, up-to-date credentialing, and multi-factor authentication.
To increase security measures further, add multi-factor authentication to each login and ensure that when a unique user signs on they are exactly who they say they are. To learn more about regulating third-party access, make sure to download the Ultimate Guide to Third-Party Remote Access.
SecureLink also offers a mobile application through both the Apple App Store and Google Play Store that offers multi-factor authentication. Ready to put your multi-factor authentication plan in action? Read the press release from Cision PR News and download the Authenticator App to properly protect PII.
Our sole focus is secure third-party remote access. For highly regulated enterprise organizations, SecureLink Enterprise has pioneered a secure remote access platform. SecureLink for enterprise allows an organization to identify, control, and audit third-party vendors. For vendors, SecureLink is the gold standard remote access support platform because it is easy, efficient, and ensures compliance and reduces liability when supporting customers.