What is MFA

CT4 and Multi-Factor Authentication (MFA)

CT4 is taking the step to implement multi-factor authentication (MFA) for all its Office 365 customers. While we have always recommended it, and used it internally, we now see the need to enforce the standard for the safety of our customers.

What is MFA? 

Multi-factor Authentication (MFA) is an umbrella term for a combination of authentication and authorisation methods. MFA puts extra levels of protection between unauthorised users and your system, even if they have your username and password. MFA combines two or more authentication factors (such as a password and PIN, a code delivered via text message, a physical token, and/or a fingerprint scan) to verify a user's identity. Multifactor authentication has been shown to dramatically reduce the risk of breaches.

The use of single-factor passwords  

Static passwords are no longer enough to keep your data, systems and organisations secure. Studies indicate that users are one of the single biggest risks to any organisation, and technology that cracks passwords or re-applies passwords from other systems leaves organisations vulnerable. With the multitude of passwords and logins to remember, it's natural for users to recycle passwords on different sites and platforms. The move to MFA has now become a priority for organisations and, in some cases, is no longer optional.

Not all MFA strategies are equal – Good, better, best. 

2 Factor Authentication has been around for a long time, but MFA is taking it to the next level.

Passphrase protection instead of a password is a bare minimum; SMS or push notification is good; biometrics, voice and facial recognition are better; and hardware such as a USB-based key is the best and most secure. As a rule, the more multifactor steps required for access, the more secure your data is.

Zero Trust 

More organisations are moving towards a “zero trust” model of cybersecurity, a concept in which an organisation does not trust anything inside or outside its perimeters. Anyone and anything must be verified before access is granted.

The cost vs the price 

Security is more important than convenience. The average data breach costs an organisation a substantial amount. The costs are both tangible, in data recovery and system patching, and intangible, in reputation: customers may lose confidence in your ability to protect their personal information and private data.

Risk and compliance IS your problem 

You have a legal obligation to protect data under your control. 

What do I need to do to implement MFA? 

If you have Office 365, click here for steps.

If you need a custom MFA integration, click here to contact us for advice or development.