NPI Technology Management Blog

Multi-Factor Authentication: Beyond Just the Password

- December 14, 2017

One of the growing trends in cybercrime prevention is the use of a login technique called multi-factor authentication.  This technology adds a powerful extra layer of security to the access of sensitive information and works for any size business by requiring a further proof of identity beyond a simple password.

All multi-factor authentication methods combine a normal password with some kind of additional information that only the user can provide.  They input their username, password and then a code is sent separately to their cellphone or email address. Another authentication approach requires an employer-issued access card. Biometric identification has been used for centuries and, with today’s advanced technology, fingerprints and iris scan are used for phones, cars, banking and more. The Social Security Administration has started sending a special one-time code to recipients’ designated email addresses which is used in addition to their login name and password.

Some extremely high security systems may even use four or more factors as extra ways to verify that the person is really who they say they are.

Here are a few pros and cons to multi-factor authentication:

Pros:

  • It provides an extra layer of protection. Particularly for employees, outside vendors and customers.
  • It is reasonably straightforward to implement. The costs have decreased because most people have a cellphone.
  • If thieves are aware you are using multi-factor authentication, they may decide it is easier to target someone who has not implemented this stronger measure.

Cons:

  • It takes a little extra time to log in. Some may find this cumbersome if they log in many times a day.
  • Employees who forget their phone or access card are stuck. This could lead to lost productivity.
  • If a thief steals somebody’s cell phone that has a weak password or no password, they might have access to all their passwords and both factors of the authentication. This may make employees vulnerable to cellphone theft attempts. To prevent this, make sure a long and strong password is used.
  • Adapting to the multi-factor authentication process may take time for some users to adjust to additional steps.

On balance, the real question is whether the extra security outweighs the inconvenience.  Finance firms and banking institutions have higher requirements for security; for them multifactor authentication will soon be the norm. If data storage and retrieval is a lower business priority, adopting the process may not be needed.

If you have a technology management provider, consider talking to them about the pros and cons of multi-factor authentication.  The cost/benefit ratio has improved and the need for higher data security has become more urgent as cyberthieves become more adept. Multi-factor authentication may help you sleep better at night knowing you are one step ahead of the hackers.