If your organisation does not use Multi Factor Authentication yet, read on before you do anything else. Then ensure you get Multi Factor Authentication implemented ASAP, for the sake of your job and your business.
The Problem
Passwords are not secure in isolation: they need to be remembered and they need to be changed on a regular basis to maintain organisational security. The trouble with this is that passwords are not just for users, though users are the first point of weakness.
A credential (service account) is used by every system or application that needs to connect to another application to perform any action. This means every system in every organisation is likely using many passwords over and above user accounts, and these “service account” passwords are most often hardcoded into scripts or batch files, or stored on a file system to be accessed when needed.
Passwords also leave “cookie crumbs”, or tokens, wherever they have been used. Such a token is also known as a password hash. It is more secure than the password being stored in clear text, but it still creates a security vulnerability, as that password hash can be used to access other resources on the same network.
In addition to this, passwords are not inherently safe: as internet-facing services get breached and email address and password combinations are harvested, more and more credentials are out there ready to be weaponised in an attack on your business.
It only takes one of your employees to have used the same password, with their business email address, on a web service that your business uses for a breach to start. At this stage the malicious attacker has all they need to connect to your systems, unless you have Multi Factor Authentication, in which case you are more than likely to be secure.
The solution
Multi Factor Authentication secures your organisation by requiring an additional form of identity to be provided after the password has been entered. This comes in the form of hardware tokens, SMS, software installed on a device, etc. MFA is something that you have in your possession at the time you wish to log in; this is ensured through the token changing its passcode on a regular basis (often every 60 seconds) so that it can never be written down and used after the fact.
Multi Factor Authentication is not complicated to implement or manage, and with technology such as Microsoft Conditional Access it can be used to only require MFA when users are accessing a resource that needs additional security, e.g. Payroll, or are accessing from a risky location, e.g. Iran when the user's office is in Melbourne, Australia.
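To show why a rotating passcode cannot be written down and replayed later, here is an added example (not from the original post) of RFC 6238 time-based one-time passwords, the scheme most software and hardware tokens use. It assumes a 60-second step, as the text describes, and uses the published RFC 4226 reference secret as a demo key.

```python
import base64
import hashlib
import hmac
import struct

# Reference secret from the RFC 4226/6238 test vectors ("12345678901234567890"),
# base32-encoded as an authenticator app would store it. Demo value only.
DEMO_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
STEP_SECONDS = 60   # the page describes codes rotating roughly every 60 seconds
DIGITS = 6


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret_b32: str, unix_time: int, step: int = STEP_SECONDS) -> str:
    """RFC 6238 TOTP: HOTP with the counter taken from the current time step."""
    return hotp(base64.b32decode(secret_b32), unix_time // step)


def verify_totp(secret_b32: str, submitted: str, unix_time: int,
                step: int = STEP_SECONDS, drift_steps: int = 1) -> bool:
    """Accept a code only for the current time step (plus/minus drift_steps of
    clock skew). A code captured in an earlier step and replayed later is rejected."""
    secret = base64.b32decode(secret_b32)
    current = unix_time // step
    for counter in range(current - drift_steps, current + drift_steps + 1):
        if counter < 0:
            continue
        # constant-time comparison so the check does not leak matching digits
        if hmac.compare_digest(hotp(secret, counter), submitted):
            return True
    return False


if __name__ == "__main__":
    code = totp(DEMO_SECRET_B32, 59)  # generated during time step 0
    print("code:", code)
    print("same step:", verify_totp(DEMO_SECRET_B32, code, 59))        # True
    print("next step:", verify_totp(DEMO_SECRET_B32, code, 60))        # True (drift)
    print("two minutes on:", verify_totp(DEMO_SECRET_B32, code, 120))  # False
```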