How to Protect Your Accounts with Multi-Factor Authentication
Multi-factor Authentication (MFA) protects your environment by guarding against password weaknesses with strong authentication methods. In today’s blog, we’re unpacking why MFA is a cornerstone topic in this year’s Cybersecurity Awareness Month and how it can keep your organization safe from potentially devastating cyber attacks.
In our last blog, we discussed using strong passwords and a password manager to provide better defense at the first layer of the authentication process. Multi-factor authentication is something many of us encounter in our online lives in conjunction with passwords. We’ll take a closer look at what MFA is, why we need it, how it strengthens identity verification and how you can enable it with Cisco Duo.
What is MFA?
Use of username and password credentials for authentication began decades ago and worked “well enough” until cyber criminals found ways to exploit them. Those exploits continue to this day. A recent study Cisco Duo sponsored with ESG – Passwordless in the Enterprise – found that 76% of organizations experienced multiple account or credential compromises over the past year.
First, let’s recap. We know that passwords don’t work. Some key reasons include:
Users must create and remember them, so they tend to pick shorter, less complex strings and they often require helpdesk support to fix problems.
They are cumbersome for users to enter repeatedly, especially on mobile devices and tablets.
They are shared, so not only does the user know them, but so does every site they need to log on to (we’ll discuss SSO another time), which is a risk!
Subsequently, a whole industry was created around guarding against the weaknesses of passwords in the form of multi-factor authentication. Those “multi” factors can include:
Something You Know – A Password, Passcode, etc.
Something You Have – A Computer, Mobile Device, etc.
Something You Are – A Fingerprint, Face ID, etc.
Something You Do – Keyboard Typing Cadence, etc.
Some Location You Are At – Device Geolocation, etc.
Some Time You Are In – Time on the User’s Access Device, etc.
Aside from being inefficient and a weak form of authentication, the big problem with the “something you know” factor (namely passwords) is that it must be shared with every site where it’s used for authentication and is frequently also known by cyber criminals!
Cisco Duo and MFA
Duo protects against breaches with a leading access management suite that provides strong risk-based multi-factor authentication, multi-layered defenses and innovative capabilities that allow legitimate users in while keeping bad actors out.
For any organization concerned about being breached that needs a solution fast, Duo quickly enables strong security while also improving user productivity. It prevents unauthorized access to any application, for any user and device, from anywhere.
It’s designed to be easy to use, administer and deploy, and to provide detailed and actionable visibility and controls. What are some of the flexible authenticators Duo offers to secure customer environments?
Biometrics – Typically associated with “passwordless authentication,” this authenticator option is the gateway to verifying via “something you are” and “something you have” (i.e., a registered device). And in conjunction with the FIDO2 standard, this is one of the strongest and most phishing-resistant authenticators available.
Security Keys – This portable “something you have” authentication method meets FIDO2 standards and gives users the flexibility to move between devices. It also gives organizations the trust that comes from knowing the user is in possession of the authenticator.
Duo Push & Verified Duo Push – This provides MFA through the Duo Mobile app on user smartphones, either with an easy touch approval or with number matching for additional phishing protection.
Wearables – Extend portable authentication capabilities through smartphones to a user’s wrist, allowing them to get the security benefits of MFA with an uncomplicated user experience.
Soft Token – Provides a one-time passcode (OTP) through the Duo Mobile app on user smartphones. Duo supports local MFA for Windows and macOS endpoints. Soft tokens are also a good option for offline authentication.
SMS – Short Message Service (SMS) is a popular communication channel for brief messages and can be used for authentication. It is easy to implement, yet susceptible to phishing when codes are copied and pasted.
Hardware Tokens – While they were a popular “something you have” method early in the history of MFA, they are more of an alternative method these days. This is in large part due to issues with provisioning and recovery, and because they are susceptible to phishing.
Phone Call – For environments with users who cannot have or do not have smartphones or access to devices with biometrics, phone calls can serve as a last-resort MFA method.
MFA is an effective way to verify user identities and protect your environment. Intuitive to configure, fast to deploy and user friendly, Duo MFA lowers total cost of ownership, decreases risk of breaches, and improves user productivity.
It allows organizations to increase security and improve experience at the same time. Duo exemplifies Cisco's commitment to securing the enterprise: "If it's connected, it's protected."
Try Duo today!
Use our free 30-day trial to see how easy it is to get started with Cisco Duo MFA and secure your workforce, from anywhere and on any device.