6 Multifactor authentication myths you need to stop believing
August 12th, 2022 by admin
Multifactor authentication (MFA) is a security solution that requires users to provide one or more authentication factors in addition to a username and password. These factors could be a one-time PIN (OTP), facial or fingerprint scan, app notification, or physical key. This additional authentication step makes it more difficult for cybercriminals to access accounts. Despite its usefulness, some companies have not adopted MFA because they believe misleading myths about the technology. In this blog, we will debunk some of the most common MFA myths and explain how even small- and medium-sized businesses like yours can benefit from it.
Myth 1: MFA is unnecessary because passwords are enough to secure accounts
While passwords can help secure your accounts from online attacks, they are no longer enough. For starters, many people use weak passwords that cybercriminals can easily guess. Others reuse passwords across various accounts. Such poor password habits are to blame for 80% of data breaches today, according to the 2021 Verizon Data Breach Investigations Report. When MFA is enabled, even if a threat actor gets hold of a user’s username and password, they won’t be able to access the account without providing the other authentication factors.
Myth 2: Using MFA is too inconvenient
When you implement MFA, you add a step to the login process, as users need to provide another proof of their identity in addition to their username and password. However, this additional step is a minor disruption compared to the data breaches that could occur if you don’t implement MFA. In fact, data breaches in 2021 cost an average of $4.24 million, a 10% increase from the average cost of $3.86 million in 2019. To make the MFA login process more convenient for users, you can allow them to use fingerprint or facial recognition instead of entering OTPs. You can also configure your MFA solution to remember your employees' devices so your staff won’t have to go through the MFA process every time they log in.
Related article: Why your business needs multifactor authentication
Myth 3: SMS authentication is secure enough
SMS authentication requires users to verify their identity by entering an OTP sent via text message to their mobile number. While it’s convenient, SMS authentication is not a secure MFA method. This is because cybercriminals can easily intercept SMS messages. They can also convince telecom providers to transfer a victim’s mobile number to a SIM card in their possession. Finally, fraudsters can send text messages that claim to be from a reputable source (e.g., a bank) and ask victims to provide an OTP. This allows them to infiltrate the victim’s account and steal personal data. Instead of using SMS authentication, you should use more secure MFA methods like biometrics, USB security keys, and OTPs generated by authentication apps like Microsoft Authenticator and Authy.