SiteProNews
  • Home
  • Article Archives
  • Newsletter
  • Categories
    • Advertising
    • Affiliate Marketing
    • Article Marketing
    • Breaking News
    • Business
    • Editorials
    • Email Marketing
    • Facebook
    • Featured
    • Google
    • Infographics
    • Marketing
    • Miscellaneous
    • SE Optimization
    • SE Positioning
    • SE Submission
    • SE Tactics
    • Search Engine Marketing (SEM)
    • Search Engines
    • Social Media
    • Social Media Marketing
    • Social Networking
    • Technology
  • Guest Blogging
  • Advertise
  • RSS Feed
  • Facebook
  • Twitter
SiteProNews
  • Home
  • Article Archives
  • Newsletter
  • Categories
    • Advertising
    • Affiliate Marketing
    • Article Marketing
    • Breaking News
    • Business
    • Editorials
    • Email Marketing
    • Facebook
    • Featured
    • Google
    • Infographics
    • Marketing
    • Miscellaneous
    • SE Optimization
    • SE Positioning
    • SE Submission
    • SE Tactics
    • Search Engine Marketing (SEM)
    • Search Engines
    • Social Media
    • Social Media Marketing
    • Social Networking
    • Technology
  • Guest Blogging
  • Advertise
  • RSS Feed
Business • Ecommerce • Security

Are Some Companies’ Right to still avoid Multifactor Authentication?

October 6, 2020
4 Min Read
avatar François Amigorena
    Share This!
    FacebookTwitterLinkedInRedditPinterestEmail

Using only a strong user name and password doesn’t cut it anymore. Companies without MFA are wide open to attacks despite the other security solutions they may have in place. If your employees fall for phishing scams or start sharing passwords, an attacker can get access to your network in no time. But what’s stopping some organizations from adopting multi factor authentication (MFA)?

Compromised credentials represent one of the biggest threat to organizations today. If you think about it, it’s simple to understand. An attacker compromises a set of corporate credentials and then uses it to enter into your network. Why would any of your security solutions flag something unusual? They are using valid credentials! This is what makes these attacks so hard to detect.

What’s hard to understand is that whilst this threat is very well known, it seems many don’t take it very seriously. Our survey of IT decision makers from a few years ago showed that only 38% use MFA to better protect credentials. What’s even worse is that unfortunately for some, things have not changed since then. 

Mistaken beliefs about the adoption of MFA 

We believe 4 myths are still prevalent that might be guiding some organizations to avoid MFA.

1. MFA should be used only in large enterprises

Small and medium sized business have data they need to protect as much as large enterprises. Having MFA in place should be a key security measure for any company, whatever the size. MFA doesn’t have to come at a high cost or be complex.

2. MFA should be used to protect only privileged users

The first reason you should protect all of your employees with MFA – not only privileged users – is that even the users you consider as “non-privileged” can still have access to data that could hurt your company. For example, a nurse would be considered as non-privileged, but what if she decides to sell a celebrity patient’s data to a newspaper? If inappropriately used, any data can harm a company.

The second reason is that most hackers don’t start with a highly privileged account. They usually start with a low level account and then move laterally until they find anything valuable. 

3. MFA is not perfect 

Well, there is no “perfect” in security but MFA comes pretty close. Not too long ago, the FBI issued a warning regarding some attacks where MFA had been bypassed. The two main authenticator vulnerabilities were ‘Channel Jacking’, involving the takeover of the communication channel used for the authenticator ⁠and ‘Real-Time Phishing’, ⁠using a machine-in-the-middle to intercept and replay authentication messages. However, experts have agreed that high cost and effort are needed for such attacks. Usually, if a hacker encounters MFA, he’ll just move onto an easier target. 

As a simple precaution, you can avoid MFA authenticators that rely on SMS (The National Institute of Standards and Technology (NIST) discourages SMS and voice in its latest Digital Identity Guidelines). 

Also, you should know that the FBI still maintains that MFA is effective and is one of the simplest steps a company can take to strengthen security.

4. MFA impedes employees’ productivity

As with any new technology, if it impedes user productivity, employees won’t tolerate it and the solution won’t be adopted. They’ll always find a way to circumvent security controls which will put your company at risk. That’s why you need flexibility with multifactor authentication. Administrators might not want to prompt the user for MFA every time they log in. What you can do is enhance identity assurance thanks to contextual controls. They use environment information to further verify all users’ claimed identity, but they are transparent to the end user. Contextual factors can for example include location, machine, time, session type and number of simultaneous sessions. 

Getting your credentials compromised can happen to anyone – whether you are a privileged or a non-privileged user. Having a MFA solution in place should be a key security measure for every company, regardless of size. It is one of the easiest and simplest steps to keep accounts protected.

FacebookTwitterLinkedInRedditPinterestEmail

You may also like

Sponsored

5 Benefits of Wholesale Inventory Management

5 days ago
Paul Williamson

Wholesaling or purchasing goods from manufacturers that then get sold to other businesses can get very tricky and...

5 Essential Logo Variations That Every Business Needs

7 days ago
Daniel Anderson

Logos are an important part of developing brand awareness and recognition for your business. After all, they are...

Must-have Technology Tools for a Brand New Business

1 week ago
Paul Bates

When you start a new business, you need to make sure that you have all of the right tools in place. The technology...

About the author

View All Posts
avatar

François Amigorena

François Amigorena is the founder and CEO of IS Decisions, and an expert commentator on cybersecurity issues.
IS Decisions software makes it easy to protect against unauthorized access to networks and the sensitive files within.
Its customers include the FBI, the US Air Force, the United Nations and Barclays — each of which rely on IS Decisions to prevent security breaches; ensure compliance with major regulations; such as SOX and FISMA; quickly respond to IT emergencies; and save time and money for the IT department.

Recent Articles

  • 4 Tips for Generating Leads through Content Marketing
  • 6 Effective Tips for Using Dynamic Content in Digital Marketing Strategy
  • How to Build an Affiliate Blog from Scratch: The Ultimate Guide for Beginners
  • Key Work From Home Statistics
  • Artificial Intelligence: Future of Digital Marketing
  • 5 Benefits of Wholesale Inventory Management

Sign Up for Our Newsletter

Popular Topics

Advertising apple article marketing att Blackberry China content marketing Digital Marketing Edward Snowden email marketing EU FBI FCC ftc FWM Google google glass hackers IBM Infographic Intel Internet internet marketing Marissa Mayer Mark Zuckerberg microsoft mobile Net Neutrality NSA pinterest Samsung seo Skype smartphone smartphones snapchat social media marketing Sony T-Mobile tablets Tim Cook Uber verizon Writing/Content yahoo
Avatars by Sterling Adventures
  • Home
  • Article Archives
  • Link to SPN
  • Top SEO Tools
  • SPN Partners
  • Contact Us
  • Privacy
  • Advertise
  • ExactSeek
  • SiteProNews
  • Blog Search
  • SitesOnDisplay
  • ISEDN
  • SonicRun
  • FreeWebSubmission
  • FreeWebMonitoring
Jayde Online, Inc. © Copyright 2023. All Rights Reserved.
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
.
Cookie SettingsAccept
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT