Credential theft is now at an all-time high and is responsible for more data breaches than any other type of attack.

With data and business processes now largely cloud-based, a user’s password is the quickest and easiest way to conduct many different types of dangerous activities.

Being logged in as a user (especially if they have admin privileges) can allow a criminal to send out phishing emails from your company account to your staff and customers. The hacker can also infect your cloud data with ransomware and demand thousands of dollars to give it back.

How do you protect your online accounts, data, and business operations? One of the best ways is with multi-factor authentication (MFA).

It provides a significant barrier to cybercriminals even if they have a legitimate user credential to log in. This is because they most likely will not have access to the device that receives the MFA code required to complete the authentication process.

What Are the Three Main Methods of MFA?

When you implement multi-factor authentication at your business, it’s important to compare the three main methods of MFA and not just assume all methods are the same. There are key differences that make some more secure than others and some more convenient.

Let’s take a look at what these three methods are:

SMS-based

The form of MFA that people are most familiar with is SMS-based. This one uses text messaging to authenticate the user.

The user will typically enter their mobile number when setting up MFA. Then, whenever they log into their account, they will receive a text message with a time-sensitive code that must be entered. 

On-device Prompt in an App

Another type of multi-factor authentication will use a special app to push through the code. The user still generates the MFA code at log in, but rather than receiving the code via SMS, it’s received through the app.

This is usually done via a push notification, and it can be used with a mobile app or desktop app in many cases.

Security Key

The third key method of MFA involves using a separate security key that you can insert into a PC or mobile device to authenticate the login. The key itself is purchased at the time the MFA solution is set up and will be the thing that receives the authentication code and implements it automatically.

The MFA security key is typically smaller than a traditional thumb drive and must be carried by the user to authenticate when they log into a system.

Now, let’s look at the differences between these three methods.

Most Convenient Form of MFA?

Users can often feel that MFA is slowing them down. This can be worse if they need to learn a new app or try to remember a tiny security key (what if they lose that key?).

This user inconvenience can cause companies to leave their cloud accounts less protected by not using multi-factor authentication.

If you face user pushback and are looking for the most convenient form of MFA, it would be the SMS-based MFA.

Most people are already used to getting text messages on their phones so there is no new interface to learn and no app to install.

Most Secure Form of MFA?

If your company handles sensitive data in a cloud platform, such as your online accounting solution, then it may be in your best interest to go for security.

The most secure form of MFA is the security key.

The security key, being a separate device altogether, won’t leave your accounts unprotected in the event of a mobile phone is lost or stolen. Both the SMS-based and app-based versions would leave your accounts at risk in this scenario.

The SMS-based is actually the least secure because there is malware out there now that can clone a SIM card, which would allow a hacker to get those MFA text messages.

A Google study looked at the effectiveness of these three methods of MFA in blocking three different types of attacks. The security key was the most secure overall.

Percentage of attacks blocked:

  • SMS-based: between 76 – 100% 
  • On-device app prompt: between 90 – 100%
  • Security key: 100% for all three attack types

What’s in Between?

So, where does the app with an on-device prompt fit in? Right in between the other two MFA methods.

Using an MFA application that delivers the code via push notification is more secure than the SMS-based MFA. It’s also more convenient than needing to carry around a separate security key that could quickly become lost or misplaced.

Looking for Help Setting Up MFA at Your Company?

Multi-factor authentication is a “must-have” solution in today’s threat climate. Let’s discuss your barrier points and come up with a solution together to keep your cloud environment better secured.

 

This Article has been Republished with Permission from The Technology Press.

 

IT Support in Harrogate

Carl Matthew Hamilton

Carl has the experience required to solve any IT queries & manage your IT infrastructure.

With over 20 years in the IT industry and a vast amount of experience and author of 349 posts and many more waiting to be published.

Leave a Reply

chtsiserve-com

Subscribe To Receive The Latest News

Subscribe to find out first about new content.

See our Privacy Policy.

Need help or want to know more?

If you would like to discuss working together, book an appointment or call 01423 423068

Interested and want to help smooth the process? Install our Onboarding toolYou can also try to reach us via our HubSpot Live Chat.

Book Appointment

We would love to hear from you regarding any Outlook or Microsoft 365 Support, IT Support, Cyber Security, WordPress Website Design, or any Computer Support request you may have. Get the best out of Harrogate & Yorkshire IT Support.

Please note if you are a client and need to request IT Technical Support,  please use our Client Portal

Contact Us

Tel: 01423 423068

E-mail: hello@hamiltonsystems.co.uk

Online Support Portal: Client Portal

Need a quick chat or request? Try our HubSpot Chat from this page. Alternatively, use our WhatsApp Chat

Book with us

Loading...
Hamilton Systems

Looking For Better IT Support?

Unhappy with your IT Support or getting slow response times? Let us help provide a solution to suit you. Complete the form to arrange your callback & get your FREE IT audit.

Our email wasn’t performing very well so we asked Hamilton Systems to take a look & Carl proposed to migrate us to MS Exchange.

Carl was very helpful throughout & the migration went very well.

He was on hand to sort out any teething issues, taking calls early morning & into the night, to ensure we were up & running smoothly.

Would recommend for knowledge, attention to detail & great customer service.”

Ian Porter

Fotofabric Limited

Hamilton Systems

Book A 15 Minute Video Call

IT Support in Harrogate

Carl Hamilton

Managing Director
  • 22+ Years IT Experience

  • Business Phone Systems (VOIP)

  • Cyber Security Specialist

  • Experts in Outlook Support &  Migrations

  • IT Support in Harrogate

  • Outsourced IT

  • Social Media Management

  • Website Hosting & SEO Management

“Extremely helpful and proficient technical support. Provided one-off troubleshooting when I required support to recover Outlook. Carl was knowledgeable, polite, and patient in resolving my issue Highly recommended.” – Pras Legal Corp.

Book Your 15 Minute Video Discovery Call

Unhappy with your existing

IT Support?

Talk To Us

Call us 03330 509625

Published On: July 31st, 2022 / Categories: Cybersecurity / Tags: /