Protect against credential theft.
Business resources can be compromised by credential theft even if those resources were not targeted initially. This can happen when a user reuses a similar username and password (or a slightly different password) across multiple accounts. Even if the login information is carefully protected at work, it could be stolen from a less secure account (e.g. a free email service) and later used in a cyberattack.
Up to a certain point, password complexity does help combat brute force attacks and credential theft techniques in which a series of possible passwords is tested against a list of known usernames. But because modern authentication systems lock the user out after a few incorrect login attempts, attackers can only try a handful of passwords for each account. They usually succeed when they stumble upon an account whose extremely simple and popular password matches their guess.
Multi-factor authentication (“MFA”) helps make stolen credentials useless because it requires a user to present a second form of identification for access, usually a temporary code sent securely to a separate device such as the user’s smartphone. Under those circumstances, a stolen password on its own is not enough to break into an account.
Enabling MFA whenever possible is probably the most effective action IT departments can take to combat credential theft.
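Because guessing of the kind described above spreads a handful of passwords across many accounts, per-account lockout counters may never fire, and detection has to pivot on the source of the attempts instead. The following is an added example, not part of the original article, that flags such a source over constructed log lines; the log format, thresholds and function names are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

LOCKOUT_THRESHOLD = 5            # assumed per-account lockout limit
MIN_ACCOUNTS = 4                 # assumed: distinct accounts per source that raises a flag
WINDOW = timedelta(minutes=30)   # assumed correlation window
# Constructed sample events (not real data): "timestamp source username result"
SAMPLE_LOG = """\
2024-05-01T09:00:01 203.0.113.7 alice FAIL
2024-05-01T09:00:03 203.0.113.7 bob FAIL
2024-05-01T09:00:05 203.0.113.7 carol FAIL
2024-05-01T09:00:07 203.0.113.7 dave FAIL
2024-05-01T09:20:01 203.0.113.7 alice FAIL
2024-05-01T09:20:03 203.0.113.7 bob FAIL
2024-05-01T09:20:05 203.0.113.7 carol FAIL
2024-05-01T09:20:07 203.0.113.7 dave FAIL
2024-05-01T09:05:10 198.51.100.20 frank FAIL
2024-05-01T09:05:30 198.51.100.20 frank OK
"""

def parse(log):
    """Yield (time, source, user, result) from whitespace-separated lines."""
    for line in filter(str.strip, log.splitlines()):
        ts, src, user, result = line.split()
        yield datetime.fromisoformat(ts), src, user, result

def detect_spray(log):
    """Flag sources whose failed logins span many accounts inside WINDOW."""
    by_source = defaultdict(list)
    for ts, src, user, result in parse(log):
        if result == "FAIL":
            by_source[src].append((ts, user))
    findings = {}
    for src, events in by_source.items():
        events.sort()
        start = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > WINDOW:   # slide the window forward
                start += 1
            counts = defaultdict(int)                # failures per account in window
            for _, user in events[start:end + 1]:
                counts[user] += 1
            if len(counts) >= MIN_ACCOUNTS:
                findings[src] = {"accounts": sorted(counts),
                                 "locked_out": max(counts.values()) >= LOCKOUT_THRESHOLD}
    return findings

if __name__ == "__main__":
    print(detect_spray(SAMPLE_LOG))
```

In the sample, the flagged source never reaches the lockout limit on any single account, which is why the per-source view is needed alongside lockout.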
Achieve regulatory compliance.
The use of MFA is not yet mandatory for every industry. However, two-factor authentication (“2FA”) is a necessary security measure to comply with restrictions in some key industries such as healthcare, finance, defense, government, and a few other sectors.
The Health Insurance Portability and Accountability Act (HIPAA) was created to protect the privacy of individual healthcare information. According to HIPAA, healthcare organizations need to implement measures to enforce password security. The act does not dictate the implementation of 2FA but requires organizations to implement password security best practices.
The finance industry has been using 2FA technology for years. Each time you use an ATM, you are using 2FA – you need both your PIN and your credit/debit card to access your bank account. As more financial services are now online, financial organizations need this layer of security to protect their customers and their sensitive information.
Any organization that processes and stores card payment information also must comply with PCI-DSS. This means they may have to go a step further and provide more than just two authentication factors to ensure their security.
The US Military uses 2FA via the Common Access Card (CAC) issued to active-duty military personnel, selected reserve, US Department of Defense (DoD) civilian employees and contractor personnel.
US law enforcement agencies that use the Criminal Justice Information Services (CJIS) require MFA to access the National Crime Information Center (NCIC). These examples further demonstrate the real-world application of MFA.
NOTE: Single-factor authentication systems are no longer able to provide the level of security needed to keep vital data safe and secure.
Reduce risk of data breaches.
MFA helps prevent some of the most common and successful types of cyberattacks, including phishing, credential stuffing, keyloggers, brute force and reverse brute force attacks, and man-in-the-middle (MITM) attacks.
Here are a few reasons why you should secure your VPN with MFA to ensure trusted access:
- for protection against credential theft
- for achieving regulatory compliance
- for enabling consistent access security for both on-premises and cloud applications
- for gaining visibility into all devices
- for enforcing granular access security policies.