SDN Blog

Use multi-factor authentication to improve cybersecurity

Posted on Tuesday, June 18, 2019 in Cybersecurity

Blog written by


Thieves may threaten victims with weapons in order to steal money or valuables from people. Burglars typically break into buildings at night.

Some criminals still use those old-school methods.

These days, however, victims can also be attacked by anonymous hackers who work on computers or make phone calls.

Advances in communications technology have helped businesses, organizations and consumers operate faster and more efficiently. But new products and services also create fresh targets for cybercriminals. People who use technology always need to be cautious.

Multi-factor authentication, or MFA, is an old defensive strategy that's gaining popularity, and that’s great. Use MFA whenever possible because it provides users an extra level of security. It's still possible to have devices protected with MFA hacked, so users should stay cautious.

MFA requires a user to provide more than a username and password to log into an account. The additional information is often a passcode sent by text message or email. A stronger form of security may require something biometric, such as a fingerprint or retina scan.

“Multi-factor authentication is just an additional tool in your tool belt for combatting cybercrime,” said Jon Scarbrough, director of IT at SDN Communications. “The whole point is to make it harder for somebody to be able to get into your account, wherever that account may be. It could be at a bank. It could be at work.”

NEW TOOLS FOR MFA

Scarbrough expects to see increased use of tools such as YubiKey, an authentication device, to help increase the security of MFA.

YubiKeys and similar products look like memory sticks or key holders. After they're set up, the security key can be plugged into a USB port or used with Bluetooth wireless technology to strengthen the authentication process.

“Those are additional techniques to make it harder for someone to hack into your account,” Scarbrough said.

“Of course, users can’t be lazy in exercising care”, he said. For example, they shouldn’t use “password” as their password and then be surprised when an account gets hacked.

STRONGER, NOT IMPREGNABLE

Even accounts protected by MFA are hackable. Cybercriminals can buy stolen account information or hacking tools on the Dark Web.

One of the most recent reported strategies for hacking accounts protected by MFA begins with a real-looking email that might appear to come from a source such as LinkedIn, but is fake. The email might include a suggestion for a new connection, for example. If the receiver clicks the link, his or her response gets routed to LinkedIn. It will also get routed to the hacker so they can steal the log-in credentials or other information.

KnowBe4, a company that specializes in online security training and commercial testing, recently published an e-book by Roger Grimes, titled “12+ Ways to Hack Multi-Factor Authentication.” The 39-page book is designed to help readers defend against attacks.

“While MFA does reduce, and in some cases, significantly reduce particular computer security risks, most of the attacks that could be successful against single-factor authentication can also be successful against MFA solutions,” the book notes.

MFA will not prevent phishing or social engineering attacks from succeeding, for example, so security awareness training should remain a big part of a companies’ defense strategy, the book contends.

It might not be surprising that an online security-training company would promote the need for employee training. But most cybersecurity experts will tell you that people are the weakest link in most companies’ security strategies.

Too often, people click on suspicious links or get tricked by a caller into giving out sensitive information. With good, ongoing training users can strengthen these weaknesses.

MFA helps, too. MFA can make it more difficult for scammers to log into someone else’s account, even if they have the account holder's name and password. Businesses and individuals should use it whenever they can.

SDN Communications is a regional leader in providing broadband connectivity and cybersecurity services to businesses in communities such as Sioux Falls, Rapid City, Worthington and the surrounding areas.