Cybercrime is big business, and the numbers are astounding. Microsoft states that "there are over 300 million fraudulent sign-in attempts to [their] cloud services every day." A new report shows there were 15 billion stolen logins from 100,000 breaches. These numbers are not decreasing, and you've likely seen very high-profile breaches making headlines on a semi-regular basis. Passwords by themselves are no longer enough to protect your business, and they haven't been for some time.
The Keys to the Kingdom
Gone are the days of the "email" password. These credentials now often open the gateway to a complete cloud platform, of which email is only a small part. Office 365 is a prime example where, depending on subscriptions and licensing, a user's authenticated login gives them access to the full suite of company services hosted in Microsoft's cloud. Even the most basic Microsoft 365 account provides full access to Exchange, OneDrive, SharePoint and Teams. An unauthorized login can expose a staggering amount of potentially sensitive company data.
Prove It's You
Generally speaking, there are three fundamental verification elements utilized for sign-in:
- Something you KNOW - your username and password
- Something you HAVE - your security token or mobile device
- Something you ARE - biometrics such as your fingerprint or voiceprint
The Human Factor
People have always been, and will always be, the weakest link in the security chain. Password fatigue happens, and users may choose to reuse a password for multiple services.
If a user uses the same email address and password for a service such as LinkedIn as they do for their email, and that service is breached, you're essentially inviting an attack on your email and other hosted services.
Additionally, phishing attacks are a constant threat, and a user may inadvertently give their credentials away to a bad actor.
Nullify the Threat
This is where multi-factor authentication (MFA) comes in. Utilizing two (or more) of these elements in combination immediately nullifies the problem of compromised passwords. Once a user passes the initial authentication step, usually by entering their username and password, an additional factor must be confirmed to verify their identity. This could be a simple text message, a push notification from a phone, or a biometric signature such as a fingerprint or voiceprint.
By utilizing extra layers and verification methods through multi-factor authentication, a compromised password attack may be completely thwarted. Microsoft's own data shows that MFA can block over 99.9 percent of account compromise attacks.
Your organization needs to implement multi-factor authentication right now.