Ninety percent of internet users are worried about having their passwords compromised, and they have a good reason. Password theft has risen to be the number one goal of phishing attacks and it’s responsible for a large percentage of cloud account data breaches.
Without proper cybersecurity protections in place, a hacker can wreak havoc if they compromise a user password. And one password breach often leads to more than one account being in jeopardy.
44% of people admit to reusing passwords across multiple work and personal accounts, so a breach of one account means all accounts using the password can also be accessed until it’s changed.
Unfortunately, we’re not usually aware right away when a password has been compromised. It can be months, for example, before you’d be aware that your password was involved in a major data breach. It takes time for the breach to be discovered and even more time for a notification plan to be carried out.
Even if you have strong security measures in place like encryption, an attacker who holds a legitimate password can walk straight past safeguards designed to keep them out, because to the system they look like the user. The exception is when multi-factor authentication (MFA) has been put in place.
Using MFA with your logins can stop 99.9% of all fraudulent sign-in attempts. Even if a hacker has a password, it’s very unlikely they’ll also have the device that receives the code needed to gain account access.
Implementing MFA for all company logins is one of the best things you can do to boost IT security, and it’s important to understand the difference between the three main types of MFA.
3 Ways to Enable MFA Compared
When you enable multi-factor authentication, you’re requiring a second proof of identity at login that is tied to a specific device: a one-time, time-limited code delivered to or generated on that device, an approval prompt shown on it, or a response from a hardware key plugged into it. Only after the user supplies both the username/password combination and that second factor can they gain access to the account.
There are three different ways to receive the MFA code, and while all greatly improve security overall, there are some that are more secure than others.
We’ll go through each of the three types below and explain the key differences. For the security details, we referenced a Google study on multi-factor authentication that looked at the effectiveness of all three methods against three different types of cyberattacks.
Receiving the MFA Code by SMS
The least secure of the three methods is receiving the MFA code by SMS/text message. This is the most common method to use and is often the default method of website accounts and cloud tools when setting up MFA.
In the Google Study, SMS performed as follows:
- Blocked 76% of targeted attacks
- Blocked 96% of bulk phishing attacks
- Blocked 100% of automated bot attacks
The weakness of SMS is that the code is just a short secret sent over the phone network to a text inbox, so anyone who can read that inbox, or who can talk the user into typing the code somewhere else, gets in. An attacker who convinces the carrier to move the victim’s number to a SIM they control (a “SIM swap”) receives every code sent to that phone. And a phishing page that asks for the username, password, and then the texted code, relaying each to the real site as the user types it, defeats SMS just as easily, which is why it scores lowest against targeted attacks.
On the plus side, SMS is one of the most convenient methods for users.
Receiving the MFA Code by Device Prompt
The next most popular method, and the one that holds the middle position for security, is using an app on the user’s phone. The app either generates a time-based one-time code itself (Google Authenticator is a popular example) or shows an on-device prompt asking the user to approve the sign-in. Apple uses the prompt style on iPhones through a built-in feature when signing into iCloud.
In the Google study, here’s how the on-device prompt did:
- Blocked 90% of targeted attacks
- Blocked 99% of bulk phishing attacks
- Blocked 100% of automated bot attacks
This method is also fairly convenient for users, but it takes a little more setup if using a general-purpose app like Google Authenticator, because each account has to be enrolled in the app (usually by scanning a QR code that carries the account’s secret).
Receiving the MFA Code by Security Key
The most secure method, and the most expensive, is using a security key. The other two methods are typically free, but you need to purchase a security key device from a vendor such as Yubico or Thetis.
Security keys are small, generally smaller than a USB flash drive, and are plugged into (or, for NFC-capable keys, tapped against) the computer or mobile device at login. Rather than receiving a code, the key answers a challenge from the website with a cryptographic response that is tied to the site’s real address, so a look-alike phishing site cannot collect anything it could replay.
The additional cost pays off in a higher level of security. Here is how the security key did in the Google study:
- Blocked 100% of targeted attacks
- Blocked 100% of bulk phishing attacks
- Blocked 100% of automated bot attacks
Besides having to purchase the keys, one downside is that users must carry around the key, and if it’s lost, they’ll need to jump through a few hoops to get a replacement and could be locked out of accounts until then. The practical answer is to register two keys per account from the start and keep the second one somewhere safe.
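Why do relayed codes (the SMS weakness described earlier) work against a phishing site while a security key response does not? The following added example, which is not code from the original article or from any key vendor, models both flows side by side. The key is modelled with a per-site key derived from a master secret and an HMAC standing in for the per-site key pair and signature that real FIDO2/WebAuthn keys use; what is faithful to the real protocol is that the browser, not the user, supplies the origin to the key, and the response covers that origin. The origins, the "phishing" site and the victim's typed code are all constructed for the demonstration.

```python
import hashlib
import hmac
import secrets

REAL_ORIGIN = "https://accounts.example.com"        # constructed: the legitimate site
PHISH_ORIGIN = "https://accounts-example.com"       # constructed: attacker's look-alike site


class SecurityKey:
    """Simplified hardware key. Symmetric HMAC stands in for the real per-site key pair."""

    def __init__(self):
        self._master = secrets.token_bytes(32)       # never leaves the key

    def _site_key(self, origin: str) -> bytes:
        return hmac.new(self._master, origin.encode(), hashlib.sha256).digest()

    def register(self, origin: str) -> bytes:
        # The site stores this credential at enrolment (in real WebAuthn it would be a public key).
        return self._site_key(origin)

    def respond(self, origin: str, challenge: bytes) -> bytes:
        # The browser passes the origin it is actually on; the user cannot override it.
        return hmac.new(self._site_key(origin), challenge + origin.encode(), hashlib.sha256).digest()


class Website:
    """The real site, supporting both an SMS code and a security key as the second factor."""

    def __init__(self, origin: str):
        self.origin = origin
        self.key_cred = None
        self.pending_challenge = None
        self.sms_code = None

    # --- security key flow ---
    def enroll_key(self, key: SecurityKey) -> None:
        self.key_cred = key.register(self.origin)

    def new_challenge(self) -> bytes:
        self.pending_challenge = secrets.token_bytes(32)
        return self.pending_challenge

    def check_key_response(self, response: bytes) -> bool:
        expected = hmac.new(self.key_cred, self.pending_challenge + self.origin.encode(),
                            hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

    # --- SMS code flow ---
    def send_sms_code(self) -> str:
        self.sms_code = f"{secrets.randbelow(10 ** 6):06d}"   # "texted" to the user's phone
        return self.sms_code

    def check_sms_code(self, code: str) -> bool:
        return hmac.compare_digest(self.sms_code, code)


def legitimate_key_login(site: Website, key: SecurityKey) -> bool:
    challenge = site.new_challenge()
    return site.check_key_response(key.respond(REAL_ORIGIN, challenge))


def relay_attack_on_sms(site: Website) -> bool:
    """Attacker-in-the-middle: the phishing page forwards the victim's password to the real site,
    the real site texts a code, the victim types it into the phishing page, the attacker relays it."""
    code_texted_to_victim = site.send_sms_code()
    code_typed_into_phish = code_texted_to_victim       # victim cannot tell the page is fake
    return site.check_sms_code(code_typed_into_phish)   # relayed code is accepted


def relay_attack_on_security_key(site: Website, key: SecurityKey) -> bool:
    """Same relay, but the victim's browser is on PHISH_ORIGIN, so that is what the key signs over."""
    challenge = site.new_challenge()                    # attacker fetches a real challenge and forwards it
    response = key.respond(PHISH_ORIGIN, challenge)     # browser supplies the phishing origin
    return site.check_key_response(response)            # real site expects its own origin: rejected


if __name__ == "__main__":
    site, key = Website(REAL_ORIGIN), SecurityKey()
    site.enroll_key(key)
    print("legit key login:", legitimate_key_login(site, key))
    print("relayed SMS code accepted:", relay_attack_on_sms(site))
    print("relayed key response accepted:", relay_attack_on_security_key(site, key))
```

The SMS (and authenticator-app) code is a secret the user can type into any page, so the real site cannot tell a relayed code from a genuine one. The key's response is only valid for the origin the browser was really on, which is the property behind the 100% result against targeted phishing.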
How Secure Are Your Cloud Accounts?
Pro Tech Guy can help your Framingham business put an effective cybersecurity plan in place. We’ll help ensure passwords are protected with a system that balances convenience, cost, and security to meet your needs.
Contact us today to learn more. Call 508-364-8189 or reach us online.