Barracuda full logo

Back to basics: Multi-factor authentication (MFA)

Argomenti:
21 ott 2020
|
Christine Barry

It’s often said that employees are the weakest link in a company’s security and data protection. This is true because of one thing that most of us learned as children:  nobody’s perfect. Anyone can get distracted, develop bad habits, or just get left out of cybersecurity training. When that happens, the whole company can be exposed by an employee’s mistake.

Username and password combinations remain the primary means of authentication for home and business accounts. Far too many people use the same password for multiple accounts and/or use personal accounts for business email. There are also those users out there who choose simple and common passwords, such as ‘qwerty123’ or ‘passw0rd.’ This means there are a lot of accounts that could be compromised easily by brute force or dictionary attacks.

Let’s face it; password security is one of the easiest yet most important ways that an employee can help protect the organization. Because passwords secure our email, data, bank accounts, and everything else we have online, security teams need to push back against bad password habits. The problem is that so many people just get annoyed with complex passwords or passphrases. A complex password to a network is no good if the user writes it on a Post-it and sticks it on the monitor so he can log in quickly. IT teams need to strike the right balance between effective security and end-user convenience.

Multi-factor authentication (MFA)


The answer to the question of balance may be Multi-factor authentication or MFA. This is an additional layer of security that works with your user credentials to confirm that you are who you say you are. In this way, it can protect you against attacks that rely strictly on the username and password combination.

How does it work? Put simply, MFA requires you to present one or more of three things when you attempt to log in to a resource:

  • Something you have: a hardware authentication device like a security key or smartcard

  • Something you are: a thumbprint or facial recognition, which can be accomplished with many current smartphones and tablets

  • Something you know: a passcode that was sent to you by text message, email, or authentication app


SMS is one of the most popular methods of MFA in use today. Let’s say you want to log in to a website using MFA with SMS, which is a cellular text message to your phone. After you enter your username and password into the login area, the website authentication mechanism will send you a one-time code via SMS. You enter the code into the website, and if it matches what it sent, then you are granted access. You’ve confirmed who you are by presenting your credentials plus something else that you know, which is the one-time code. For many users, this is that happy place between “really secure” and “really annoying.”

Unfortunately, These applications are secure and user-friendly and should be easy for users to adopt companywide. These apps get bonus points for the fact that they’ll work with other methods of authentication should the password ‘go away’ someday.

SMS is not as secure as some of your other options. A better method is to use an authentication app like Microsoft Authenticator or Google Authenticator.
Clicca per Tweet


Using MFA on Barracuda Cloud Control


MFA is available on Barracuda Cloud Control, and by default, it is configured as optional on all accounts. The BCC account administrator can change these settings at any time. Here are the available options:

Required:  All users associated with the customer’s account are required to use MFA to login. If MFA is not previously configured for a user, that user will have to set it up prior to the next login.

Optional: All users associated with the account can choose whether to use MFA. This is controlled by the user on the account profile page. The account administrator can override any individual MFA settings.

Barracuda Campus has full documentation on how to configure MFA on Barracuda Cloud Control. For details, see the following pages:

Check out Barracuda Campus for more information on configuring and enforcing strong password policies.

Christine Barry

Christine Barry Senior Chief Cybersecurity Storyteller e Content Manager presso Barracuda. Prima di unirsi a Barracuda, Christine è stata ingegnere di campo e project manager per clienti K12 e SMB per oltre 15 anni. Possiede diverse credenziali in tecnologia e gestione dei progetti, un Bachelor of Arts e un Master of Business Administration. Si è laureata presso l'Università del Michigan.

Connettiti con Christine su LinkedIn qui.

 

Unisciti alla nostra community su Reddit!

Post correlati:
La necessità è ancora la madre delle invenzioni nella sicurezza informatica
La necessità è ancora la madre delle invenzioni nella sicurezza informatica
 Cifratura e crittografia: qual è la differenza (e perché è importante?)
Cifratura e crittografia: qual è la differenza (e perché è importante?)
 L'ordine esecutivo di Trump potrebbe creare nuove sfide di sicurezza
L'ordine esecutivo di Trump potrebbe creare nuove sfide di sicurezza
 I regolatori adottano un tono diverso sulla sicurezza informatica
I regolatori adottano un tono diverso sulla sicurezza informatica
Cerca nel blog

The Ransomware Insights Report 2025

Risultati chiave sull'esperienza e l'impatto del ransomware sulle organizzazioni a livello mondiale

Scarica il report

Iscriviti al blog di Barracuda.

Iscriviti per ricevere i Threat Spotlight, commenti del settore e altro ancora.

Sicurezza della vulnerabilità gestita: correzione più rapida, meno rischi, conformità più semplice

Scopri quanto può essere facile individuare le vulnerabilità che i criminali informatici vogliono sfruttare

GUARDA IL WEBINAR

Sign up to receive threat spotlights, industry commentary, and more.

Get all the latest news, research, and analysis delivered right to your inbox.