Multi Factor Authentication services offer a second level of authentication for your web apps. After a simple username and password input, you must then either respond to a call, text, fingerprint or application notification to gain full access to your device.
Multi factor authentication can also be called two-step verification or 2-factor authentication (2FA).
Weak or stolen user credentials are used in 95% of all web application attacks. Access security has adapted to new attacks over time as passwords alone were deemed to be insecure.
Facts and figures are available at the National Cyber security Centre. Their advice states:
When to use 2FA
As long as passwords are used for authentication, there will always be a chance that users and administrators will choose machine-guessable passwords and be susceptible to social engineering. Therefore:
- Businesses should choose Cloud and Internet-connected services that offer a form of multi-factor authentication (2FA)
- All users, including administrators, should use Multi Factor Authentication when using Cloud and Internet-connected services
- Businesses should consider carefully the use of services which only allow for single-factor authentication (we’d say none to that advice!)
Device Encryption is an extra consideration, which provides centralised control to protect access to email, documents, downloading and copying to name but a few benefits.