For Cyber Security Awareness Month, companies across the country are focusing on the theme of See Yourself In Cyber, an initiative aimed at reminding everyone that cybersecurity starts with us: the people! Black Kite is thrilled to be participating in the campaign. One of the four focuses this year is multi-factor authentication.

Within the last few hours, I’m sure you’ve already received a text on your phone with a six-digit code allowing you to log in to an application. Better yet, you may have even needed to download and use an authentication application to gain access to an account on your laptop.

These are all examples of multi-factor authentication, a two-step or multi-step process of verifying a user’s identity before allowing access to an account or application. In a world where credentials are constantly being leaked in cyberattacks or on the dark web, having a second step in the login process is crucial to maintaining security.

But most of the time, you probably feel a little frustrated that you can’t instantly access the account in a pinch. Simple username and password entry has been the standard blend of security and convenience for the last few decades.

The History of MFA

Multi-factor, or two-step (2FA), authentication has been around for quite some time. In fact, you probably used it before you realized what it was! Picture this – you go to the grocery store and buy food for the week.

You pull out your debit card to pay and guess what? They prompt you to enter a 4-digit PIN to accompany the card and finish the payment. While you could give your PIN to a trusted person to make the purchase for you, odds are a stranger will not have it.

2FA through a smartphone or email didn’t gain traction until the early and mid-2000s, when users began being prompted for a second piece of evidence to prove an identity. Banks were among the first to use this directly with consumers. As data breaches increased and technology progressed into the 2010s, more applications and account systems like Google and Microsoft began implementing the same 2FA process.

According to LastPass, “in early 2016, President Obama wrote an editorial for the Wall Street Journal in which he declared that passwords alone were not enough to protect consumers and businesses. Noting that 9 out of 10 of Americans said they felt like they’d lost control of their personal information, the President announced a new national awareness campaign, #Turnon2FA, to encourage more Americans to protect themselves online.”

What Is Multi-Factor Authentication Comprised Of?

Within the factors of authenticating an identity, there are three main categories:

  1. Something you know. This could be a password, a PIN, or the answer to a security question.
  2. Something you have. This might be a smartphone or a secure USB fob on your keychain. It is an item physically in your possession rather than something memorized.
  3. Something you are. This factor is directly related to you as a human being. A fingerprint or facial recognition would fall into this category.

To achieve multi-factor, you must have two of the three main categories accounted for at the time of sign-in. Since compromised and leaked passwords are one of the most common ways that threat actors can steal data, steal your identity, or gain access to a company’s systems, multi-factor is a strong control to limit this behavior. According to Microsoft, MFA can block over 99.9 percent of account compromise attacks.

It’s Time to Opt-In for Better Security Habits

Okay – raise your hand if you’ve clicked the button that says “Set up MFA later” when prompted to add an authentication method to an account of yours at work. We probably all have. Perhaps we were in a rush, having a busy day, or didn’t think it made much difference.

Currently, according to LastPass, the technology/software industry has the highest number of businesses with employees using MFA, at 37%. But that still leaves 63% of companies to make the leap.

While you can make these choices on a case-by-case individual basis, we encourage you to appeal to management at your organization as well. Taking the first step makes a big difference!
