If I told you that your email address and password are more valuable than your house or car, would you believe me? Probably not- and you may be right that it is not worth more in dollar value (unless your name is Jeff Bezos or Bill Gates). However, when we think of it in terms of potential damages? It is possible that I may be correct. I’ll explain.
Your Online Presence is More Valuable And Information is Becoming More Vulnerable
As we become more connected and our lives more integrated online, our online identity becomes increasingly more vulnerable. Services like online banking, e-commerce and social networking, can all provide access to sensitive information for the wrong person. This poses a dramatic threat, especially since your credit card information can often be accessed this way. If we take the concept of home security and apply it to the internet, your home address would be equivalent to your email address. Both can be accessed publicly, through different means. The difference? Your house has a key. In this scenario, your password is equivalent to your house key. Additionally, most people have security systems for their homes that would alert them in the case of a break-in. Maybe you have an advanced security system that would alert the police in the event of suspicious activity. Maybe, in addition to all of these things, you have your neighbor of 10 years keeping an eye on your home and texting you in the case of an attempted break-in. The question of this metaphor then becomes: would all of these measures be in place if someone tried to break into your email account?
What is MFA? And is Getting it As Easy as Getting a House Key?
So, what does your house have that your Gmail, Facebook, Snapchat, Amazon, and online banking accounts do not have? The advanced security system. In the case of online systems, an advanced security system presents itself in the form of Multi-Factor Authentication (MFA). The process of MFA is simply added to the login process and texts your mobile phone a six-digit pin number that you’re asked for after you input your password. Upon inputting the code that you just received, you’re granted access to your account. Pretty simple, and you may recognize this process from one or many of the online platforms you use.
Combining What we Know, With What we Have
Traditional MFA is a big step toward increasing the overall security of your online identity, but there are even more modern MFA solutions today. Rather than opting to receive a text message each time I log in, what if I could just obtain those codes from a mobile application? The philosophy behind MFA is simply: you combine what you know (your password) with what you have (your phone, which can deliver the subsequent code to access your stuff)! While your banking app may mandate an MFA process through their own platform, what about your Amazon account or social media? It is crucial that you are using MFA on as many of your online accounts as possible.
Staying Secure at Work
Due to the extensive connectivity of the internet, it is nearly impossible to compartmentalize our identities when it comes to online platforms. You may find that your workplace has decided it’s worth the trouble to protect their work resources with MFA as well. This is understandable as traditional cybersecurity measures have failed to protect valuable online information. For instance, it only takes one fake email from your CFO, or one click on a bad link, to potentially lose thousands of dollars. While MFA won’t stop you from clicking on a funny-looking link, it could prevent that email containing that link from showing up in your inbox in the first place. An MFA solution that can prevent these advanced social engineering tactics and online breaches that are at an all-time high, is essential. Don’t wait for your company to fall victim to an attack to implement one.
Why We Chose DUO as Our Preferred MFA Provider
Here at Worksighted, we have found an awesome solution in Duo MFA. Whether you’re an individual who’s looking to increase the security of your personal online identity, or an IT decision-maker who’s looking to do the same for your organization’s business systems, Duo can be used for both! A great product starts with the end-user in mind, and Duo’s user experience is pretty stellar.
We’ve completed many Duo deployments with our clients, and the most common question we hear is “is that all I have to do”? With Duo Push, that same concept of a six-digit PIN number turns into a simple push notification verifying each login attempt that allows us to simply tap a button to say, “Approve this login” or “Deny this login”. You can even receive that notification on your smartwatch! For an administrator, the back-end configuration is almost as easy, taking only minutes to set up.
When you layer additional security into your workflow, you inevitably introduce a level of inconvenience as users now have to perform an additional task in order to log in – we believe Duo hits the sweet spot of balancing security and convenience. We encourage you to try Duo and see if you fall in love as we did!
At the end of the day, whether it is Duo or another MFA provider, we encourage implementing some form of MFA to gain an added level of security in the ever-growing threat landscape of the internet. Your online identity has become one of the most valuable personal assets that you have. Securing it should become as routine as locking your car door or turning on your security system at home. If you have any questions on MFA or securing your assets, drop us a line and we can help!
About the AuthorJacob Heisey is a Solutions Engineer here at Worksighted focusing primarily on security and Zero-Trust. Jacob is a proud Spartan and obtained his degree in Computer Science from Michigan State University. If he’s not talking about technology, he’s almost certainly talking about sports or food.