Taking credit aside, the timing of the development of MFA coincides with Bill Gates’ turn-of-the-century assertion that passwords “don’t meet the challenge for anything you really want to secure”.
Passwords remain in heavy use, yet organizations have been slow to adopt MFA. Consider the following:
- Just 27% of small businesses (up to 25 employees) utilize MFA.
- Globally, only 57% of businesses employ MFA.
Companies that don’t use Multi-Factor Authentication put themselves at risk, as 99.9% of hacked accounts have only a single layer of security for invaders to get through before accessing critical company data. On average, 0.5% of corporate accounts are breached each month. The math says that if you have an organization of 10,000 users, 50 of them will be compromised each month.
1. Improve User Security
First and foremost, Multi-Factor Authentication improves the mobile security of data and devices by creating an additional level of protection.
The average password is 9.6 characters long and is made up of:
- 1.1 upper case letters
- 6.1 lower case letters
- 2.2 numbers
- 0.2 special characters
Using a brute-force attack (where a hacker submits as many combinations as possible with the hope of guessing correctly), it takes approximately three weeks to crack the average password.
With MFA, even if someone manages to guess your password, they still must get past the second layer of security, such as a randomly generated token or email verification link. Just knowing or cracking a password isn’t enough to gain access.
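What makes a randomly generated one-time code a real second layer is the server-side check: the code must be unpredictable, expire quickly and work only once. The following is an added example, not code from the original page or from any product it names; the `EmailOtpStore` class, the 5-minute lifetime and the 5-attempt limit are assumptions.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300   # assumed lifetime; the page gives no figure
MAX_ATTEMPTS = 5        # assumed guess limit per issued code


class EmailOtpStore:
    """Issues and redeems single-use, expiring 6-digit codes (hypothetical helper)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # user -> {"digest", "expires_at", "attempts_left"}

    @staticmethod
    def _digest(code: str) -> bytes:
        return hashlib.sha256(code.encode()).digest()

    def issue(self, user: str) -> str:
        # secrets (CSPRNG), not random: the code must be unpredictable.
        code = f"{secrets.randbelow(10**6):06d}"
        # Issuing again overwrites any earlier code, so only the newest one works.
        self._pending[user] = {
            "digest": self._digest(code),  # avoid keeping the clear code around
            "expires_at": self._clock() + OTP_TTL_SECONDS,
            "attempts_left": MAX_ATTEMPTS,
        }
        return code  # hand to the mail sender only; never log it

    def redeem(self, user: str, code: str) -> bool:
        entry = self._pending.get(user)
        if entry is None:
            return False
        if self._clock() >= entry["expires_at"]:
            del self._pending[user]        # too slow: the code is now invalid
            return False
        entry["attempts_left"] -= 1
        ok = hmac.compare_digest(entry["digest"], self._digest(code))
        if ok or entry["attempts_left"] == 0:
            del self._pending[user]        # single use, or guess budget spent
        return ok
```

The attempt cap matters as much as the expiry: a 6-digit code has only a million values, so unlimited guesses within the lifetime would defeat it.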
When it comes to overall effectiveness, MFA:
- Prevents over 96% of bulk phishing attempts.
- Protects against more than 76% of targeted attacks.
- Blocks bot attacks (bots cannot intercept authentication codes generated by an app).
2. Ensure Compliance
Certain industries require MFA to meet legal and security compliance:
- Healthcare: Multi-Factor Authentication is used to protect medical records and meet HIPAA compliance standards.
- Retail: MFA helps with PCI DSS (Payment Card Industry Data Security Standard) compliance, which retailers must adhere to when processing payment card transactions.
- Emergency Services: Law enforcement personnel use MFA to access criminal or information databases.
Multi-Factor Authentication is also used for GDPR compliance to hold organizations accountable for the personal data they handle.
Depending on the industry, failing to implement MFA can lead to significant penalties. In financial services, for example, MFA non-compliance may result in regulatory punishment, monetary penalties and even class action lawsuits.
To properly utilize MFA, two authentication methods are required:
- Something you know or create: That would be your password.
- Something you have or are given: That would be a one-time numeric code or email verification link.
(It’s worth noting here that 1% of organizations are incorporating biometric authentication, such as a fingerprint or facial recognition – something you are – into their MFA initiatives. Biometrics as a market is expected to be worth $36.6 billion USD by 2025.)
3. Protect Workers via Secure Authentication
And hackers have taken advantage, too. For example:
- Brute-force attacks have risen 400% since the onset of the pandemic.
- The number of unsecured remote desktop machines rose by 40%.
- Email scams related to COVID-19 spiked 667%.
- 90% of newly created coronavirus domains are illegitimate.
- 63% of data breaches are caused by weak or reused passwords.
While having a strong password is critical to reduce the risk of stolen or compromised data, utilizing MFA mitigates that risk further.
Should a cybercriminal figure out the password of a device, they won’t get any further than that. Additionally, when remote workers are on the go, Multi-Factor Authentication goes with them to deliver safe and secure access to sensitive corporate information.
SOTI Identity Incorporates Multi-Factor Authentication
- One-time password (OTP) by email: Users are sent an email with a password that can only be used once. If the user takes too long to enter the OTP, it expires and is rendered invalid.
- Duo: After installing the Duo app on their device of choice (smartphone, tablet, etc.), users simply open the app and enter the displayed numeric code.
- Google Authenticator: Users are given a time-based, one-time password via the Google Authenticator app to safely log into the SOTI ONE Platform.
SOTI Identity MFA addresses the concept of zero-trust security, which states that organizations should not automatically trust anything inside or outside their four walls, and should instead verify anything and everything trying to connect to their systems before allowing access.
Secure Your SOTI Solution with SOTI Identity MFA
And with SOTI Identity MFA, you can rest easy knowing your SOTI solution is protected with the highest levels of access control.