ISO 27001 | SSAE 18 SOC 2 Certified Sales: 317.275.0021 NOC: 317.275.0001
In 1996, Tom Cruise’s character in “Mission: Impossible” pulled off a vault heist, bypassing complex security features, including a retinal scan, a voice-recognition safeguard and a motion sensor. That fictional scene illustrates how a group of clever, motivated people can crack top-notch defenses. But in real life, a stunt like that would be … well, impossible.
Businesses understand the value of their data and proprietary information, and they know hackers become more sophisticated every day. That’s why some companies are choosing to beef up their security systems with two-factor (2FA) or multi-factor authentication (MFA).
How it Works
Simple two-factor authentication requires a person to have two of the following:
- Knowledge, such as a personal identification number, password or pattern
- An object, such as key fob or a smart phone
- An individual’s unique trait, such as one’s voice or fingerprint
So, if you try to log into your online bank account from a computer you’ve never used before, your bank might attempt to verify your identity by using 2FA. It might ask you to enter a code, sent to you via text message. This type of authentication can’t prevent all types of cyber attacks, but when a user needs a cell phone or other object to log in, remote attacks are harder to execute.
How it Fails
One way hackers can bypass multi-factor authentication is to find out enough about you to hijack your phone number. They might ask your phone company to forward calls to a new number – theirs – which would allow them to receive passwords via text message.
Hackers may also pretend to be users who have forgotten their log-ins to see if they can get a password reset link sent to their email address. The security questions people set up for accounts often really aren’t secure, if a hacker knows anything about you. So, hackers can make a guess, and if they answer your security questions correctly, get access to your account via a new password.
Despite the ways it can be exploited, MFA is still a better choice than using password protection only.
Implementation and Testing
Multi-factor authentication software can be useful in protecting servers, business systems and specific applications. It will require some technical expertise to implement, though, and some companies don’t have the staff that can successfully integrate MFA.
The cost of instituting this kind of security can vary considerably. A large company that purchases digital key fobs for MFA purposes might spend a lot of money on equipment, as well as licensing. Small firms may be able to save money, if they have a staff of people who are willing and able to use their own smart phones for MFA.
The Best Safety Possible
To startups and companies with small budgets, MFA may seem impossible. But when you lease space at Lifeline Data Centers, you get layers of security features – card-readers, keypad access codes and 24-7 video surveillance. Come see why businesses trust Lifeline to keep their information safe. Schedule a tour today.