Multi-Factor Authentication
Multi-Factor Authentication (MFA) is a security method that requires users to verify their identity using two or more factors before accessing a system. These factors can include something the user knows (like a password), something they have (such as a hardware token), or something they are (like a fingerprint).
MFA is essential for organizations as it provides an extra layer of defense against password-based attacks, such as phishing, brute force, or credential stuffing. Even if an attacker obtains a user’s password, they would still need the additional factor to gain access, significantly reducing the risk of unauthorized access.
Hardware tokens, like YubiKeys, offer one of the most secure forms of two-factor authentication (2FA). They are phishing-resistant because the token signs a challenge that is cryptographically bound to the origin of the site requesting it, so a response produced for a look-alike phishing site is rejected by the legitimate service and the credential can only be used with the site it was registered for. This makes them a reliable choice for organizations seeking to strengthen their authentication processes and protect sensitive data from advanced threats.
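To make the origin-binding claim concrete, here is an added example (not code from the original page or from any token vendor) that models the FIDO2/WebAuthn flow behind a hardware token in a few dozen lines of Go. The token holds an ECDSA key, the browser fills in the origin it is actually on, and the relying party rejects any assertion whose origin does not match, even when the challenge and signature are genuine. The origins, the JSON layout of the client data and the omission of WebAuthn's authenticator data are all simplifying assumptions made for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Simplified model of the FIDO2/WebAuthn assertion flow. The browser, not
// the user, fills in the origin of the page asking for an assertion, and the
// token signs a digest over that client data, so the relying party can
// reject assertions produced for a look-alike site. Real WebAuthn also signs
// authenticator data (RP ID hash, counter, flags); omitted here on purpose.

// clientData mirrors WebAuthn's collected client data (layout is an assumption).
type clientData struct {
	Challenge []byte `json:"challenge"`
	Origin    string `json:"origin"`
}

// assertion is what the token returns to the relying party.
type assertion struct {
	ClientData []byte // serialized clientData
	Signature  []byte // ASN.1 ECDSA signature over sha256(ClientData)
}

// token stands in for the hardware key; the private key never leaves it.
type token struct{ priv *ecdsa.PrivateKey }

func newToken() (*token, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &token{priv: k}, nil
}

// sign models the browser+token step: the browser supplies the origin the
// user is really on, and the token signs the resulting digest.
func (t *token) sign(challenge []byte, browserOrigin string) (assertion, error) {
	cd, err := json.Marshal(clientData{Challenge: challenge, Origin: browserOrigin})
	if err != nil {
		return assertion{}, err
	}
	h := sha256.Sum256(cd)
	sig, err := ecdsa.SignASN1(rand.Reader, t.priv, h[:])
	if err != nil {
		return assertion{}, err
	}
	return assertion{ClientData: cd, Signature: sig}, nil
}

// relyingParty holds the registered public key, the origin it expects, and
// the single-use challenges it has issued.
type relyingParty struct {
	expectedOrigin string
	pub            *ecdsa.PublicKey
	issued         map[string]bool
}

func (rp *relyingParty) newChallenge() ([]byte, error) {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	rp.issued[string(c)] = true
	return c, nil
}

// verify applies the checks that make the scheme phishing-resistant: a known,
// unused challenge; an origin equal to ours; a valid signature over that data.
func (rp *relyingParty) verify(a assertion) error {
	var cd clientData
	if err := json.Unmarshal(a.ClientData, &cd); err != nil {
		return fmt.Errorf("malformed client data: %w", err)
	}
	if !rp.issued[string(cd.Challenge)] {
		return fmt.Errorf("unknown or reused challenge")
	}
	if cd.Origin != rp.expectedOrigin {
		return fmt.Errorf("origin mismatch: assertion was made for %q", cd.Origin)
	}
	h := sha256.Sum256(a.ClientData)
	if !ecdsa.VerifyASN1(rp.pub, h[:], a.Signature) {
		return fmt.Errorf("bad signature")
	}
	delete(rp.issued, string(cd.Challenge)) // consume the challenge
	return nil
}

// runDemo registers a token with the legitimate site, then shows that an
// assertion made while the browser is on a look-alike origin is rejected
// even though it carries a genuine challenge and signature. Both origins
// are constructed for the example.
func runDemo() (legitOK, phishRejected bool, err error) {
	tok, err := newToken()
	if err != nil {
		return false, false, err
	}
	rp := &relyingParty{expectedOrigin: "https://login.example.com", pub: &tok.priv.PublicKey, issued: map[string]bool{}}

	c1, _ := rp.newChallenge()
	a1, _ := tok.sign(c1, "https://login.example.com")
	legitOK = rp.verify(a1) == nil

	c2, _ := rp.newChallenge() // same genuine challenge, but browser is on the wrong site
	a2, _ := tok.sign(c2, "https://login-example.com.invalid")
	phishRejected = rp.verify(a2) != nil
	return legitOK, phishRejected, nil
}

func main() {
	ok, rejected, err := runDemo()
	fmt.Println("legitimate origin accepted:", ok, "| look-alike origin rejected:", rejected, "| err:", err)
}
```

The point to take from `verify` is that the origin check happens on the server against data the browser wrote, which is why a one-time code typed by the user (TOTP, SMS) cannot give the same guarantee: nothing in that code says which site the user was looking at.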
Outcome
- Enforce Multi-Factor Authentication (MFA) for business accounts, prioritizing the use of hardware tokens such as YubiKeys.
- Develop and document a robust process for MFA resets. Ensure it is manual and includes identity verification for employees.
Metrics
- Percentage of users with MFA enabled
- Number of failed logins / MFA requests
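Both metrics are straightforward to derive from an identity-provider export. The following is an added example (not from the original page) that computes them over constructed sample data: a user roster with an MFA-enrolled flag, and authentication log lines in an assumed "timestamp user event result" format. It also lists the users still without MFA, which is the list the enforcement outcome above needs.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// roster maps user -> MFA enrolled (constructed sample data).
var roster = map[string]bool{
	"alice": true, "bob": true, "carol": false, "dave": true, "erin": false,
}

// authLog holds constructed sample lines: "timestamp user event result".
// The format is an assumption; adapt parseLog to your provider's export.
var authLog = `2024-05-01T09:00:01Z alice login success
2024-05-01T09:00:07Z alice mfa success
2024-05-01T09:02:13Z bob login failure
2024-05-01T09:02:40Z bob login success
2024-05-01T09:02:45Z bob mfa failure
2024-05-01T09:02:59Z bob mfa failure
2024-05-01T09:03:10Z bob mfa success
2024-05-01T10:15:00Z carol login success
2024-05-01T11:30:22Z dave login success
2024-05-01T11:30:30Z dave mfa failure`

type authEvent struct {
	Time, User, Event, Result string
}

// parseLog turns the raw export into events, rejecting malformed lines.
func parseLog(raw string) ([]authEvent, error) {
	var events []authEvent
	for i, line := range strings.Split(strings.TrimSpace(raw), "\n") {
		f := strings.Fields(line)
		if len(f) != 4 {
			return nil, fmt.Errorf("line %d: expected 4 fields, got %d", i+1, len(f))
		}
		events = append(events, authEvent{Time: f[0], User: f[1], Event: f[2], Result: f[3]})
	}
	return events, nil
}

// mfaCoverage returns the percentage of roster users with MFA enabled.
func mfaCoverage(r map[string]bool) float64 {
	if len(r) == 0 {
		return 0
	}
	enrolled := 0
	for _, on := range r {
		if on {
			enrolled++
		}
	}
	return float64(100*enrolled) / float64(len(r))
}

// usersWithoutMFA returns the sorted list of users the enforcement outcome still has to reach.
func usersWithoutMFA(r map[string]bool) []string {
	var out []string
	for u, on := range r {
		if !on {
			out = append(out, u)
		}
	}
	sort.Strings(out)
	return out
}

// failures holds failed logins and failed MFA requests, with a per-user MFA breakdown.
type failures struct {
	Logins    int
	MFA       int
	MFAByUser map[string]int
}

func failureCounts(events []authEvent) failures {
	f := failures{MFAByUser: map[string]int{}}
	for _, e := range events {
		if e.Result != "failure" {
			continue
		}
		switch e.Event {
		case "login":
			f.Logins++
		case "mfa":
			f.MFA++
			f.MFAByUser[e.User]++
		}
	}
	return f
}

func main() {
	events, err := parseLog(authLog)
	if err != nil {
		fmt.Println("parse error:", err)
		return
	}
	f := failureCounts(events)
	fmt.Printf("MFA coverage: %.1f%% (missing: %v)\n", mfaCoverage(roster), usersWithoutMFA(roster))
	fmt.Printf("failed logins: %d, failed MFA requests: %d, per user: %v\n", f.Logins, f.MFA, f.MFAByUser)
}
```

The per-user breakdown of failed MFA requests is worth keeping alongside the total: a cluster of failures on one account within a short window is the pattern to investigate and is the signal the reset process should be checked against.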
Tools & Resources
- Authy (Free)
- Google Authenticator (Free)
- Yubikeys (Paid)
- RSA SecurID (Paid)