Multi-Factor Authentication is a no-brainer!

The preferred and most common access vector for hackers and spammers is with valid user credentials!

Firms can no longer solely rely on passwords, regardless of their complexity, for the protection of their systems and data. Over 30% of users admit to re-using passwords from personal accounts at work. And since passwords have become more complex, users often rely on insecure methods to store their password from post-it notes to non-encrypted files on their computers.

The bottom line is that all firms should employ a multi-factor authentication process.

What is Multi-Factor (2FA)?

Multi-factor authentication is a security protocol where a user must enter more than one security factor to enter a system. Most commonly, this will be the user’s password followed by numeric code which is delivered directly to the user. There are two step methods, like a password and a known pin (two things you know) or the more secure option of two separate factors.

A two-factor method will have at least two of the following options:

1) Something you know - like your password AND

2) Something you have - like a cell phone with a text token OR

3) Something you are - like a biometric option (fingerprint)

Is multi-factor a hassle?

No. It takes seconds to enter the secondary code and the security benefits vastly outweigh typing a few extra numbers. Access your computer resources without multi-factor authentication is eating from one hand, texting in the other all while driving without a seat belt.

How does it work?

ProCirrus offers 6 methods for multi-factor authentication. You can have multiple options set up on your account as backups in the event your primary option is unavailable.

It’s super simple.

When you log in, you will be prompted for your OTP (one-time passcode). Depending on your preferred method (see below) you simply enter that code and you are logged in!

The 6 Multi-factor Options

Text OTP.png

RECEIVE YOUR one time passcode BY TEXT

This is the most common method for firms that allow the use of cell phones

Auth+OTP.jpg

Use free google authenticator APP

This is a free app that you can download to your phone. The app can support multiple sites if you have multi-factor for other locations!

Card OTP.png

Use credit card sized token generator

This is perfect for firms that do not, or can not, allow cell phone use at work. The user simply presses a button to get the second factor code.

biokey.jpg

use your fingerprint

If you use the same computer daily, a finger print reader is a super simple way to access the system.

RECEIVE PASSCODE VIA EXTERNAL EMAIL

This is usually reserved as a back up option. Note the email can not email that is protected by the multi-factor service.

grid.jpg

use a memorized grid

The grid is most commonly used as a back up option and is a second step for logging in but not a second factor.

Meet compliance requirement or just do the right thing

Whether driven by compliance requirements or simply to adopt security best-practices, adding multi-factor authentication is one of the biggest security returns for the lowest cost and effort your firm can make. There is no defensible rational for not employing multi-factor authentication!

ServicesDan Sheltonmulti-factor, authentication, 2FA, passwords