CNWR Blog

Modern Password Practices for Better Security - MFA

Written by Aaron Melby | Nov 30, 2023 3:55:58 PM

So, you were asked to create one more password, completely different than any other password ever previously used, containing upper case, lower case, special characters, and a blood sample. You then punched yourself in the face and ran down the street screaming. We have all been there before. In the old days, it took a very skilled hacker to worm into a given system and breach data.

That is no longer the case.

The technology that makes our lives "easier" is the same technology that makes it easier to expose your data. Despite a seemingly endless cycle of security breaches and password compromises, there are methods to make things both more accessible and more secure.

What is MFA?


2-step verification, Multi-Factor Authentication (MFA), Two-Factor Authentication (2FA)... these are all types of the same authentication process, and you have likely used this type of technology in one form or another in the past. MFA is simply using multiple factors to identify a given user.

A code sent to your email when you log into a new computer is one example (generally referred to as 2-step verification). That second factor drastically increases your account's security, and there are more secure ways to facilitate this than using email (an inherently insecure communication medium).

Inconvenient?

Is implementing MFA inconvenient? Yes and no. It is inconvenient because there is an additional step required when accessing secure stuff, but the "extra" step or initial steps necessary are not that inconvenient, and the peace of mind far outweighs the inconvenience. Also, the 2nd factor means that the first factor (password) does not necessarily need to be as complex as without MFA.


Regular password changes become less crucial, if they are necessary at all (Microsoft's new official policy on passwords is that forced password changes result in less secure passwords in general, so they are now recommending NOT forcing password changes, but that is for another conversation).

Implementation

MFA methods commonly use mobile devices for that second factor. This might be accomplished via text message (also not incredibly secure, but better than nothing) or via authenticator apps, which are becoming more common as a means of facilitating MFA. These apps use various methods to generate that second factor (push notifications, algorithms to generate a code, etc.). They are inherently more secure than the above-mentioned 2-step verification or text. Google and Microsoft both offer authenticator apps, and there are many more than that available, though I would suggest using one from a well-known company.

In conclusion, MFA is not foolproof, but it decreases the chances that a given attacker will take the time to compromise your data. No offense, but the great majority of us regular people are not worth the time it might take to breach our personal data if we take these extra (relatively easy) measures to secure our information. We believe taking the small step of adding MFA to your routine makes a lot of sense. Unless your last name is Gates, Bezos, or Musk, it should provide more than enough protection.

Is one more app on your mobile device that you always have on you and are constantly looking at too much to ask?