Username and password may be the de-facto means of authentication for many organizations, but they can easily be the weakest link in security controls. In this article, we’ll detail why Multi-Factor Authentication (MFA) should be paired with encryption for top-level security.
In 2019, encryption is everywhere. It’s a standard feature on your iPhone, your messaging program of choice, and your file transfer tools. Encryption has gotten so powerful that the federal government wants a backdoor into consumer apps and devices, and criminals have weaponized it to great financial success.
But while encryption is an essential part of any cybersecurity toolkit, and a best practice for securing any sensitive data, whether in transit or at rest, there is a weak link that can give just about any hacker access to your sensitive information: bad authentication methods, namely, the username and password.
Username and Password: The Dumb and Dumber of the Authentication factors
Today, your usernames and passwords are part of your identity, just like your address, phone number, and driver’s license. Unfortunately, they can be just as easy to procure as your phone number and address, especially if they’ve been used across multiple accounts.
It doesn’t take much searching to see that dozens of high-profile websites lose millions of password and username combinations every year, and it’s easy to check for yourself whether you’ve lost any.
The problems with passwords are multiple, and they’re well known, in fact, even the most complicated password imaginable is little trouble for a computer to crack, and it’s absolutely useful if it’s leaked even once, because passwords can be sold and exchanged easily, and they frequently are, which makes them a huge liability for large organizations. Despite this, many organizations repeatedly reuse passwords for important business apps, and even for sensitive databases.
And research has shown that as many as 1 in 5 employees are willing to sell their passwords for less than $100.
In light of all this, it stands to reason that your encrypted data is only as secure as the means of authentication used to protect and control access to it, and if that means password and username, you have your weakest link. So, when the traditional, widely prevalent means of authentication are so flawed, what’s the next step?
Generally, the best move is to step-up your authentication to Multi-factor Authentication (MFA).
What is Multi-Factor Authentication?
Multi-factor Authentication, often written as MFA, is a method of authentication and access control that adds an additional factor, aside from username and password, to the authentication process. Typically, this is achieved by pairing something the user knows, such as his or her username and password combination, with something the user has, such as a push notification to their phone, or a one-time password token, such as those made by Gemalto. Other third factors can include email or phone calls, or even biometric factors, such as a fingerprint or facial scan.
Sounds familiar right? That’s because most people have already had some experience with this, whether from using our fingerprint to unlock our phones, or receiving a text from our bank to verify our identity before transferring funds online.
MFA and Encryption: A Winning Combination
In the past ten years, MFA has become a common technology. So much so that it’s a common requirement to meet compliance standards.
Now I know what you’re thinking— “if MFA is really so good, why should I protect my data with encryption in the first place? Isn’t it enough to keep hackers from accessing it?” Not exactly. To use a weak analogy, using multi-factor authentication without encrypting the data stored behind it is a bit like locking your car but leaving your valuables out in the open… if a criminal is able to find a way in, they can take anything they want. Conversely, encrypting your data, but using a simple username/password combination to control access, is a bit like leaving your car unlocked, but locking your valuables in the glove box. If your car is ransacked, you can bet that the criminal will try their best to get access to that glove box—and may succeed.
The real best practice is to leverage both technologies by using tools that encrypt your sensitive files in transfer and at rest, and integrate with MFA tools to manage access to those sensitive files.
Progress’s MOVEit Transfer does just that, with award-winning MFA capabilities that let you securely control user access, as well user-class-based password expiration policies, and single-sign on. MOVEit Transfer also supports Secure Folder Sharing, making it simple for internal and external users to securely and easily collaborate while maintaining a complete audit trail.
MOVEit’s authentication capabilities delighted or highly satisfied 97% of users, according to a recent product scorecard from Info Tech Research Group. To learn more or request a free trial, click here.