As a result, many companies rushed to implement MFA as a means to provide an additional layer of security to vulnerable accounts. However, despite the proven advantages of MFA, many people still hesitate to use it for a variety of, frankly, bogus reasons.
Myth #1: MFA Is Expensive
Implementing multi-factor is certainly an investment, but with the advent of cloud-based managed service providers, it’s actually far more cost-effective than ever before to include MFA in your security strategy. You aren’t limited to token-based solutions, either. Software-based MFA products remove the need for tokens that can be lost, stolen, or damaged, and allow for more streamlined deployment and management, saving money in the long run.
Myth #2: MFA Requires a Second Device
In the past, multi-factor authentication required a token or some sort of hardware. However, with the advent of the software-based tokens mentioned previously, there is no need for a token. In fact, many of us are already familiar with single-device MFA: When you request an SMS code as part of the login process to certain websites, and enter the code you receive, your smartphone serves as the hardware — even if you’re logging in to the site from that device.
Myth #3: MFA Is Cumbersome
People often believe that MFA is cumbersome for two reasons: First, the extra step required to log in takes too much time. Second, some believe that they will need a separate token for every application or site that uses MFA.
It is true that MFA does require a few extra moments to use; if you are using an SMS-based authentication protocol, you have to request the code and wait for it to arrive, which can take up to several minutes depending on your mobile service provider. However, consider the amount of time you will spend dealing with a breach if you don’t add that extra layer of security — it’s guaranteed to be much more than the few moments required to request and enter a code. Second, there is rarely a need to carry more than one token. SMS messaging of one-time-use codes is the most common form of MFA in the consumer sphere, and most enterprises reserve MFA for primary or mobile logins. In short, in most cases you won’t need much more than your smartphone or corporate token to take advantage of MFA.
Some experts have suggested that MFA is nothing more than a compliance requirement that doesn’t do much to actually protect data or restrict access. That’s not true, as MFA does help protect high-risk transactions, but it’s also important to recognize the limitations.
MFA is a security tool, much like antivirus software and firewalls are tools: On their own, they offer some protection, but aren’t foolproof, all-encompassing solutions. However, when used with other security tools, they provide a greater level of protection. MFA improves security and more effectively controls access, and is a step toward thwarting hackers and thieves.
In short, MFA isn’t going anywhere, and as new technologies and tools develop, it’s going to become easier, more affordable, and more effective to use. So as you look for ways to improve your data protection efforts, don’t overlook multi-factor authentication as a trend. Embrace it, and secure your data.