Multifactor Authentication: There’s No Cyber Security (Insurance) Without It

Multifactor Authentication

If you are in the market for cyber insurance, be prepared to document your multifactor authentication (MFA) policies and procedures. That’s because insurance companies are starting to require MFA to issue cyber insurance policies.

In a recent flyer to its customers, Travelers Insurance, noted, “99.9 percent of account compromise attacks can be blocked by MFA. 94 percent of ransomware victims investigated did not use MFA!”

We know MFA can feel like a big change, but it will feel like second nature in no time. (Kind of like how your grandmother looked at her first smartphone like it was a spaceship and now she’s sharing TikToks with your teen over What’sApp.)

What Is Multifactor Authentication (MFA)?

Multi (as in more than one) and authentication (as in making sure you are you) are clear to most people. Factor is where people stumble. To offer the best security, the factors need to include:

  1. Something  you know (e.g., a password or phrase)
  2. Something you have (e.g., security key or other token, smartphones only if they use #3)
  3. Something that can absolutely identify you (e.g., your fingerprint or retina scan)

In essence, MFA proves you have a right to sign into an account. 

Though strong passwords are constantly being urged on the internet, a computer-generated password alone is not as effective as using MFA.

MFA Is an Additional Layer of Protection

MFA adds an additional layer of security, making it more difficult for cyber criminals to access a network. IDs and passwords are the weakest link in a business’s infrastructure and are often compromised and posted on the Dark Web.

 “Passwords are growing more insecure as users connect to more systems that require a user ID and password; they tend to get lazy. They create simple easy-to-guess passwords, use the same password for different sites, share them and sometimes inadvertently give them to the attacker,” notes Travelers Insurance.

MFA is even more important now that many companies are allowing staff to work remotely and many personal devices are used to access business networks. Multifactor authentication can help reduce the potential for a network compromise caused by lost or stolen passwords. With MFA, even if cyber criminals get your login and password, it is highly unlikely they will be  able to access your network, because they don’t have the other factor(s) required for authentication.

Not All User Access Is Equal, But MFA Protects Everyone

When it comes to protecting your network, not all access is equal. Some users only have access to their files while others are admins on the whole network. Make sure your system’s users only have access to the areas they need and that your administrators both use stronger passwords and change them more frequently. And, of course, require multifactor authentication for all.

How to Set Up Multifactor Authentication (MFA)

In a nutshell, setting up MFA occurs in three steps:

  1. Set up: Log in to an account (such as online banking) and set up multifactor authentication (look under privacy settings or contact customer support if you can’t locate the setting). Set up your MFA as directed on the site. 
  2. Prompt to verify: The next time you log in from a computer or device, you will be prompted to verify by entering a code. There are a few ways to get the code based on how your MFA is set up. You may need to open an app on your phone or read it from your token device. 
  3. Enter verification (and remember): Enter the code and you’re good to go. There may be a checkbox or other option to “Remember This Device.” If you check it, you should not need to use MFA on that device again for a period of time (often 30 to 90 days). NEVER check this if you are on a public device or even using unprotected Wi-Fi.

Getting the Code: Multifactor Authentication Methods Can Vary

There are a few different ways you can receive the code you need to enter when MFA is enabled.

  1. MFA by app. If you have this choice, use it. It is absolutely the most secure option. This requires you to open an authenticator app on your phone to retrieve the code. You would have set up this app with your account when you enabled MFA.
  2. MFA by text. Slightly less  secure than using an app but is more commonly available and therefore used by many. NOTE that an MFA text message will INCLUDE the code, not ask you to click a link to get it.
  3. MFA by push notification. The least secure MFA setup, but it is still better than not using any multifactor authentication at all. 
  4. MFA by email or phone call. These options are no longer considered safe and you should not use either. Cyber criminals commonly trick people into providing access to their accounts by faking emails and phone calls. 

MFA by app (or token) is by far the most secure form of multifactor authentication. But it isn’t available on every platform or site. If it isn’t an option, MFA by text or push notification is better than not using MFA at all. As more companies make MFA by app an option available, you should move away from the text and push methods on those platforms.

Choosing the best MFA for your company is sometimes difficult. If you need to talk it over with experts on the subject,  contact us or book a meeting. We would be happy to help.

Posted in
Tim Rettig | IT Support Cincinnati | Intrust IT

Tim Rettig

Tim Rettig, Intrust IT founder and serial entrepreneur, is a tech expert, educator and tireless advocate for employee ownership. His strategic work to build partnerships with clients has made Intrust into one of the fastest growing IT companies—scoring a spot on Inc. 5000’s list of Fastest Growing Private Companies for a total of four years.

Share this Blog

Enterprise Password Management Promo Wide

Is Your Name or Birthday a Part of Your Password?

If so, you’re a part of the 59 percent of people who don’t follow proper password hygiene. More than 70 percent of passwords are used for more than one system, meaning if cybercriminals crack one, they can access a lot more accounts.

Our free Enterprise Password Management Guide will give you the best password hygiene practices to help you secure your computer and your business.

Download the Guide

Explore the Latest Trends in IT

Fundamentals of Information Technology Management - Intrust

IT 101: What Is Information Technology Management?

When was the last time you stopped to think about how your business relies on technology? Information technology management is...
Avoid Pig-Butchering - Intrust IT

Pig-Butchering Scams: What They Are and How to Stay Safe

At Intrust IT, we understand that it may feel like the specter of cybersecurity is always breathing down your neck....
3 Reasons to Replace Aging Equipment - Intrust IT

Three Compelling Reasons Your Company Should Replace Its Aging Computers Before Year-End

As the end of the year approaches, businesses everywhere are evaluating their budgets and looking for strategic opportunities to invest...
What are managed services - Intrust IT

What Are Managed Services? And What Are the Benefits?

Running a business in today’s tech-driven world means you need reliable IT infrastructure. But let’s be honest, managing IT in-house...
Windows 10 End of Life How This Could Impact Your Business - Intrust IT

Windows 10 End of Life: How It Could Impact Your Business

As Microsoft officially plans to end support for Windows 10 on October 14, 2025, businesses need to begin thinking ahead....
AI implementation Roadmap Intrust IT

Master AI Integration With Our AI Implementation Roadmap Guide

AI is one of the greatest technological breakthroughs of the last few years. It has become our handy assistant, data...