Passwords play a critical role in preventing unauthorized account access. Unfortunately, the Google-Harris Poll 2019 password survey showed that many Americans have poor password practices. The survey’s highlights included:
- 24% of respondents use common passwords such as “abc123,” “Iloveyou,” and “Qwerty”
- 59% of respondents integrate easy-to-guess personal information (e.g., birthdays) in their passwords
- 22% of respondents use their own name as part of their password for at least one account
- 43% of respondents share their passwords with other people
- 66% of respondents used the same passwords across multiple accounts (e.g., online banking, email, and social media networks)
- 55% of respondents did not change their password after a breach
Given that the average American has about 200 accounts that require passwords, it’s no wonder people resort to using weak passwords that are easy to remember or reusing passwords for several accounts.
The problem is, cybercriminals take advantage of these behaviors by using commonly used passwords and personal information to guess login credentials. They also count on people reusing passwords so that they can access as many accounts as possible.
In fact, the Verizon 2018 Data Breach Investigations Report (DBIR) showed that 81% of hacking-related data breaches at companies were due to compromised, weak, and reused passwords. The most recent DBIR reveals that not much has changed, as stolen and weak credentials are still involved in 80% of hacking-related breaches.
These statistics show that passwords are no longer enough to protect people from cybercrime. That’s why our IT security experts at CDS highly recommend using multifactor authentication (MFA).
What is multifactor authentication?
MFA is a security mechanism that allows account access only after users have presented more than one method of identification. In other words, users need to verify their identity with more than just a username and password. These authentication methods may include:
- Something you know – password, PIN code, answer to a security question
- Something you have – payment card, one-time PIN (OTP) sent via SMS or authentication app
- Something you are – fingerprint scan, face and voice recognition
How does multifactor authentication work?
A popular example of the use of MFA is when you withdraw money from an ATM. First, you need to insert your debit card (i.e., something you have) into the machine, and then you input your PIN code (i.e., something you know).
Many websites such as Facebook and Gmail allow you to set up MFA. This means, after inputting your username and password (i.e., something you know), you may be required to type in an OTP sent to your mobile phone (i.e., something you have) to log in to your account.
Is multifactor authentication effective?
Since MFA requires more than one authentication method, it’s more difficult for cybercriminals to breach your account. To do so, they would need your password and the additional authentication method. Hacking an MFA-protected account is so hard that they often just give up and look for a more vulnerable target instead. In fact, Microsoft says that MFA blocks 99.9% of account hacks.
Interested in beefing up your cyber defense with MFA? Choose CDS to handle it for you. We follow best practices to ensure that MFA deployment enhances your cybersecurity without burdening your employees.