A single password is all that stands between a cybercriminal and your digital life. In the UK and Jersey, where digital business operations are the backbone of the economy, relying on just a password is like having a front door lock without knowing who else holds a key.

According to Cybersecurity Insiders (2021), while 90% of organisations acknowledge the critical nature of MFA, only 60% have implemented it fully. Meanwhile, Verizon's 2022 Data Breach Investigations Report finds that a staggering 80% of breaches involve compromised credentials.

What are 2FA and MFA?

Two-Factor Authentication (2FA) is like having a double lock; it adds a second layer of security to your usual login process. Typically, this involves something you know (your password) plus something you have (like a code sent to your phone or generated through an app).

Multi-Factor Authentication (MFA) extends this concept by requiring two or more proofs of identity to access an account. This could include combinations of:

  • Something you know (a password)
  • Something you have (a smartphone app or hardware token)
  • Something you are (fingerprint or facial recognition)
  • Somewhere you are (a geographical location)

What solutions exist?

  • Authenticator Apps: These apps (e.g., Google Authenticator, Authy) generate codes that refresh every 30 seconds. They are perfect for businesses in Jersey’s more secluded spots where internet service might be spotty—offering solid security, no signal required.
  • Physical Keys: Think of them as actual keys to your digital kingdom. Tools like YubiKey use physical contact to confirm your identity, providing a fortified barrier against remote phishing attacks—ideal for protecting high-value transactions under the stringent GDPR and Jersey data protection standards.
  • Password Managers: These are not just vaults for your passwords. They help manage and auto-fill login credentials and 2FA codes effortlessly, making them an excellent option for businesses juggling multiple online platforms.

Why you should mandate 2FA/MFA

Mandating 2FA/MFA significantly bolsters security by adding multiple verification layers, making unauthorised access challenging for attackers. This is crucial for compliance with stringent standards such as PCI DSS 4.0, which mandates MFA to protect sensitive data, emphasising its importance in regulatory adherence and data security.

It's a realistic concern that your password could end up for sale on the dark web, especially if you use the same password across multiple services. With MFA in place, you can rest assured that even in such scenarios, attackers won't gain access to your account. Now consider this risk across your entire organisation: it's not a matter of if, but when, someone's credentials will be compromised.

Implementing 2FA/MFA reduces the risk of breaches by adding extra security barriers and enhances customer trust by demonstrating a commitment to robust security practices.

Why text codes and email are suboptimal

SMS and email are widely used for 2FA because they are convenient, but they are the least secure methods. They are vulnerable to cyber threats like SIM swapping and phishing, and lack inherent encryption, making them easy targets for interception.

Security Risks:

  • OTPs sent through SMS or email can be easily intercepted.
  • Users are more susceptible to phishing, potentially revealing OTPs to attackers.
  • SMS and email do not typically encrypt data, posing a significant security risk.

Ready to double down on security?

Implementing 2FA/MFA is easier than you think, and it’s a critical step toward protecting your digital assets. For the most part, it is as simple as logging into your various services, going to your account settings, and configuring your MFA setup.

Most online services allow you to mandate that every user in your organisation has to have MFA configured to even be able to log in.

Remember, in the realm of cybersecurity, being a step ahead isn’t just an advantage; it’s a necessity.