'Bulletproof' solution to remote access security.
One of the Essential Eight in Business Cyber Security
Multi-Factor Authentication (MFA) is typically described as a bulletproof solution to remote access security.
It is an effective way to add an extra security 'gate' that deters unwanted access to remote databases or sensitive information. Many of you will already have seen some version of MFA when you log into your bank account or when you log back into your email account (such as Office 365): once you have logged in with your username and password, you are sent a text and asked to enter the code.
The Essential Eight guide specifies MFA for VPNs, RDP, SSH and other technologies, and for all users when they perform a privileged action or access an important (sensitive/high-availability) data repository. Why? Stronger user authentication makes it harder for adversaries to access sensitive information and systems.
The Small Business Cyber Security Guide defines it as a security measure that requires two or more proofs of identity to grant you access. Multi-factor authentication (MFA) typically requires a combination of something the user knows (something you know), something the user physically possesses (something you have) and/or something the user inherently possesses (something you are).
Examples of the three categories of identification could be:
Something you know:
- PIN
- Username/password
- A secret question and answer
Something you have:
- Card
- Token
- Random PIN sent to your phone
Something you are:
- Fingerprint
- Face scanning
- Voice recognition
- Iris scanning
- Retina scanning
Most remote access security comes down to something you know, and that something is almost always a password. When creating a password, length and complexity used together are the best defence. Length is perhaps more important (mathematically) from a time point of view: it will take less time to crack a 6-character password made of letters, numbers and special characters than a 16-character password made of letters and numbers only. It's also best to avoid "keyboard walks" when creating a password, because every cracker will have them in their password lists. (Keyboard walking is simply typing in straight lines up and down the keyboard.)
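The length-versus-complexity point and the keyboard-walk warning above can be checked together in a password policy. The following is an added example, not code from the original page; it assumes a US QWERTY layout, a walk threshold of 4 characters, and uses constructed sample passwords.

```python
import math
import string

# Straight lines on an assumed US QWERTY layout: rows, plus columns such as 1-q-a-z.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
COLS = ["".join(r[i] for r in ROWS if i < len(r)) for i in range(10)]
LINES = [l for line in ROWS + COLS for l in (line, line[::-1])]

CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]

def alphabet_size(password):
    """Size of the character set implied by the classes the password uses."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))

def search_space_bits(password):
    """log2 of the number of candidates a brute-force search must cover."""
    size = alphabet_size(password)
    return len(password) * math.log2(size) if size else 0.0

def longest_walk(password):
    """Longest run typed along one keyboard line, in either direction."""
    pw, best = password.lower(), 0
    for i in range(len(pw)):
        # Only try substrings longer than the best run found so far.
        for j in range(i + best + 1, len(pw) + 1):
            if not any(pw[i:j] in line for line in LINES):
                break
            best = j - i
    return best

def review(password, walk_limit=4):
    """Policy verdict; walk_limit is an assumed threshold, not from the page."""
    walk = longest_walk(password)
    return {"length": len(password),
            "bits": round(search_space_bits(password), 1),
            "longest_walk": walk,
            "keyboard_walk": walk >= walk_limit}

# Constructed sample passwords, for illustration only.
SAMPLES = ["k7#Qp!", "t4mbr9whq2zks6vn", "1qaz2wsx3edc", "qwertyuiop123456"]

if __name__ == "__main__":
    for pw in SAMPLES:
        print(pw, review(pw))
```

The last two samples show why the bit count alone is not enough: a 16-character keyboard walk has a large nominal search space but is flagged because it follows lines a password list would already contain.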
Our recommendations
Because the first factor in remote access security authentication (usually a password) is vulnerable, it's essential to have a second or even third authentication factor.
However, implementing multi-factor authentication can be a hindrance to users, as it can slow down access to the system. There is always a balance between security and usability, and there is a curve that we look to when making decisions and recommendations about that balance. Our advice is that MFA should be implemented, and we know how to determine the right combination of MFA factors against users' tolerance.
Loyal I.T. Solutions can help your business set up multi-factor authentication for services that support this technology.