Remote work can be much safer with the right cyber-hygiene practices in place –
multi-factor authentication is one of them
By Cameron Camp
If you happen to be working from home due to the COVID-19 pandemic, you should
beef up your logins with Multi-Factor Authentication (MFA), sometimes called
Two-Factor Authentication (2FA).
That way, you don’t have to entrust your security to a password alone. Easy to
hack, steal, leak, rinse and repeat, passwords have become passé in the
security world; it’s time to dial in your MFA.
That means you have something besides just a password. You may have seen MFA in action when you try to
log into your bank and you receive an access code on your smartphone that you
must also enter to verify it’s really you who is logging in. While it’s an
extra step, it becomes exponentially more difficult for bad guys to get access
to your account, even if they have a password that was compromised in a breach
or otherwise.
What are your options?
The good news is that MFA
is no longer super-tough to use. Here, we look at a few different popular ways
to use it. If you need to work remotely now and log into a central office to
collaborate with co-workers, this is a nice way to beef up the security of
those connections.
Physical token
This means you have
something like a key fob, security USB key or the like, which can be used to
generate a very secure passcode that’s all-but-impossible to break (unless you
have a quantum computer handy). Nowadays, things like YubiKey or Thetis are
available for less than US$50 and are very widely supported if you’re logging
into your own corporate office technology, online office applications and a
host of other cloud applications. It means your normal login will ask for a
password, but also the code generated by your device, which is often physically
small enough to get lost in a pants pocket, so some folks hang them on their
keychain for safekeeping.
Mobile phone
Nowadays you probably carry
a mobile device around most of the time, which is a good argument for using it
to boost your MFA security stance. For example, you can download an
authentication app such as Authy, Google Authenticator, or ESET Secure
Authentication. Whatever you choose, make sure it has a solid history,
security-wise, since it needs to reside on your smartphone, which we now know
can become compromised as well, thereby undermining your other security
efforts.
It’s worth noting that spam
SMS messages on your smartphone can trick some users into voluntarily
compromising their own accounts, so stay on the lookout if you use this. Of
course, reputable mobile security software can help if you’re concerned with
security problems on the platform itself.
Biometrics
It’s very hard to fake a fingerprint or retinal scan, which makes biometrics a
solid factor in MFA. Nowadays, lots of devices have built-in biometric readers
that can capture an image of your face with your smartphone’s camera, or scan
your fingerprint, so it’s not hard to implement this on a device you probably
already have. Some folks steer away due to privacy concerns, which promises to
be an ongoing conversation. Also, while you can reset a password, if a provider
gets hacked it is notoriously difficult to reset your face (old spy movie
plots, anyone?).
Closing thoughts
The important thing with
MFA is that you pick one that suits your goals and one that is easy for you to
include in your routine. I have a very good lock on my front door, but it’s
very hard to use, so often my wife catches me leaving it open, which isn’t very
secure, is it? Good security you don’t use can’t protect you.
In the event of a breach,
MFA can offer side benefits as well. If you are notified that your password is
compromised, there’s a very good chance the attackers don’t also have one of your other
factors, so successful hack attacks should drop precipitously if MFA is correctly
implemented. Use an MFA solution and enjoy technology more
safely.