The Importance of Multifactor Authentication
Cybersecurity Awareness Month is a great opportunity for all of us to think through how we approach cybersecurity in both our work and personal lives. Every day, we hear stories about the latest compromise at an organization, or a person who has fallen victim to cyber criminals. As highlighted by the themes of Cybersecurity Awareness Month 2022 and the Executive Order on Improving the Nation's Cybersecurity released last year, one of the most effective techniques we can employ is to enable Multi-Factor Authentication (MFA). MFA essentially means accessing services using two or more forms of authentication as follows:
- Something you know – such as a password
- Something you have – such as your phone or a token
- Something you are – such as a biometric, like a fingerprint
Most people accessing services online have relied exclusively on passwords to protect their accounts, yet passwords have proven to be a weak link on their own due to the sheer number we are asked to memorize and how effective computer programs are at cracking passwords. This is where MFA helps overcome these inherent weaknesses and better protect us all. Adoption of a second authentication factor increases confidence that the right individual is accessing the right system or service.
Typically, the second factor we use is "something we have," such as our smart phone with access to email or an authenticator app, a smart card (e.g., a Personal Identity Verification (PIV) card or Common Access Card (CAC)), or a token that generates a unique code based on a complex algorithm. More companies and organizations are offering MFA as an option by emailing you a code or using an authenticator app. In the spirit of Cybersecurity Awareness Month, if you have not done so already, I encourage everyone to set up MFA on all online accounts. It only takes a moment to do so and is one of the most consequential steps each of us can take to protect ourselves online.
Also, be sure to check out the Cybersecurity Awareness Month resources available from the Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST) for more advice on how to protect yourself online. Lastly, please remember to "See Yourself in Cyber" because ultimately, cybersecurity begins with each of us doing our part.
Related Posts
CISO Council and CDO Council Release Joint Guide on Federal Zero Trust Data Security
Today, the CISO Council and CDO Council released the Federal Zero Trust (ZT) Data Security Guide, a first-of-its-kind document and key deliverable of OMB M-22-09, Moving the U.S. Government Towards Zero Trust Cybersecurity Principles. M-22-09 charged the Federal CDO Council and Federal CISO Council to convene a cross-agency working group of data and security experts to develop a data security guide for Federal agencies.
NCAM 2023: Protecting Yourself Online
The 20th anniversary of National Cybersecurity Awareness Month is an excellent reminder that not only are cyber threats still a serious issue, but they have also grown and become more sophisticated.
Federal Tech Day 2023: Impact Through Innovation
The Federal Chief Information Officers (CIO) Council, in partnership with the U.S. Department of Labor and U.S. Department of Energy, hosted Federal Tech Day 2023 to showcase innovative technologies developed by federal agencies to help deliver their programs' missions.