3 Technologies for Better Multi-Factor Authentication

Most employees look at multi-factor authentication as an inconvenience, despite knowing that it’s in the company’s best interest to use it. However, the innovation of SIM swapping has left one of the most common methods of MFA, SMS authentication, in a precarious situation. With these types of hacks, cybercriminals don’t need access to your phone; all they need to do is trick customer service into porting your phone number to a new device in their possession.

A little unnerving, especially considering that you have ZERO control over the security training of your mobile provider. Thankfully, there are other MFA options that aren’t as prone to security issues.

How to Protect Against Attacks That Bypass MFA

It’s no surprise that MFA is annoying for employees, and if you know this, then you can bet hackers also know about it. MFA fatigue is constantly leveraged against businesses, and cybercriminals are always hunting for ways to get your employees to approve logins even if they don’t make sense. Once they get in and change enough settings, they can lock you out of your accounts for good. Scary stuff.

As for what you can do about it, there are authentication methods that help you avoid the risk of MFA fatigue entirely, like these:

Authenticator Apps for Localized Security

You can use time-based one-time-password apps that generate codes locally on a device’s hardware.

Since no signal is sent through your mobile carrier, there’s no way for it to be intercepted and swapped through the SIM swap process. The code only exists on a specific device for 30 seconds, and after that, it’s gone. Poof. This simple shift helps you avoid 90% of the problems associated with working with mobile carriers.

Since your team is already using smartphones, this is a no-brainer upgrade that can kickstart security in seconds.

Number-Matching Features

Push notifications might have more speed, but you can further augment security by using a number-matching feature.

With number-matching enabled, your team will be asked upon login if they see a random number on their computer screen. The employee then receives a prompt on their phone asking them to type the number displayed. A hacker in another location cannot view the screen, and an employee can’t approve a login with their phone in their pocket, so it’s a win-win.

This method is powerful because it forces a conscious, manual action from your team, all but guaranteeing that the person entering the code is who they claim to be.

FIDO2 Hardware Keys

Chances are you have some important players on your payroll, like the people who have access to your admin accounts for email, payroll software, and bank information. These people should have a physical hardware key to keep this information safe.

It’s simple; you use a small USB or NFC device that follows the FIDO2 standard, which lets users log in by physically inserting the key into their laptop or tapping it on their phone. It’s just like a physical house key in this sense; no access is granted without it. There’s no code and no notification to approve, either, making it incredibly easy to use.

These keys can also detect fake phishing websites, even when the user is missing the throwaway signs. The hardware key might spot that the URL is wrong, and it will refuse to provide the credentials.

Security is hard, but it doesn’t have to be. WatchPoint Solutions can help your business implement dynamic security solutions designed to eliminate risk and take proactive action to prevent breaches. Learn more today by calling us at (848) 202-8860.