Most of us are aware that we should not openly share our passwords with anyone and should avoid reusing the same password for multiple accounts. There are also precautions like having a strong password, using an email address as your username instead of your real name, or using a password manager to store and auto-fill login credentials.
However, even with all those best practices in place, hackers are able to breach many accounts. That’s because users tend to make one mistake time and again – they use the same password for multiple sites.
So how do you protect yourself With multi-factor authentication (MFA)? This article will explain what it is, why it is essential to protect your online accounts, and how it has become essential in obtaining cyber liability insurance protection – even if you follow all the best practices mentioned above.
What is Multi-factor Authentication?
Multi-factor authentication (MFA) is a security process used to verify a person’s identity by using two or more different types of identifiers. The goal of MFA is to improve security by requiring more than one method to approve a login request. This is to prevent unauthorized access even if someone knows your username and password. We are all familiar with the term “Something you have” and “Something you know”.
MFA adds a third category, “Something you are”. This could be biometrics like your fingerprint, eye scan, or facial recognition or measuring your heart rate and/or other physiological characteristics. The three authentication factors used in MFA are: – Something you have – such as a mobile device – Something you know – such as a password or PIN – Something you are – like a biometric such as a fingerprint or retinal scan
Why is MFA Important?
The only thing that stands between a bad guy getting into your account and you is the simple password.
Bad guys have gotten extremely smart about trying to guess or steal your passwords. – Traditional multi-factor authentication can be cumbersome because it requires two (or more) different authentication methods.
With mobile device authentication (MDA), users can single-handedly complete the authentication process with just one click. Using MFA is your best defense against hackers who are trying to access your accounts. It can also protect you from phishing, account takeover, and fake password reset attempts
In recent years, ransomware attacks have skyrocketed in both frequency and severity, driving significant changes in the cyber insurance marketplace.
For a deeper dive into MFA, check out our E-Book.
Click to Download:2021-10-05.eBook Multi-Factor Authentication.V2
How Does Multifactor Authentication Work?
Additional verification information is required for MFA to work. Users are often confronted with one-time passwords (OTP) as part of the multi-factor authentication process. OTPs are those 4-8 digit codes you usually receive via email, SMS, or mobile app.
OTPs generate a new code periodically or whenever an authentication request is submitted. Codes are generated using a seed value and some other factor, such as a counter that is incremented over time or a time value.
MFA Using Text Message
This is the most common way of implementing MFA. You will receive a code via text message (SMS) after you have logged in to the website and enabled MFA.
You have to enter the code to complete the authentication process. At the time of logging into your account, you will be asked to enter your mobile number. Once you have entered your number and clicked on “Send Code,” you will receive a text message with a code. This code will be valid for a limited period of time. Once you have entered the code, your account will be verified. If you are not near your mobile device, you can simply click “Save Code” to store the code in your account. You can log in to your account at a later point and use the saved code to complete the authentication process.
MFA Using Microsoft Authenticator App
This method of MFA requires you to have an app installed on your mobile device. If you don’t have the app installed on your device, you can download it from the Google Play Store or the Apple App Store.
Once you have installed the app, you can proceed to complete the authentication process. When you log in to your account and click on “Enable MFA,” you will be guided through the process of installing the app on your device and configuring it. When you log in to your account next time, you will be prompted to enter the secret key provided by the website.
You should see a 6-digit code is generated by the app. Enter the code, and your account will be verified. You can also choose to have the app generate a time-based code for you. With this option, you will enter the code generated by the app every 30 seconds.
Protocols for Cyber Insurance Coverage
Due to heightened awareness of cyber threats, customers have to demonstrate their commitment to cybersecurity to carriers. Therefore, underwriters are paying closer attention to how companies maintain their cybersecurity and cyber hygiene capabilities, in addition to increasing coverage prices.
For example, if a company does not have Multi-Factor Authentication (MFA) or data encryption in place, they are deemed “virtually uninsurable,” and a quote is refused.
Benefits of Cyber Liability Insurance
Organizations can manage security and privacy risks through practices, policies, and procedures, but businesses must also purchase insurance to protect themselves.
Cyber liability insurance enables cyber professionals, including forensic experts, attorneys, breach response specialists, and credit monitoring companies, to respond quickly to social engineering attacks.
Coverage from cyber insurance can also extend to third-party claims alleging unauthorized disclosure of personal information or other confidential information in addition to first-party costs such as forensic investigation and notification.
Conclusion
Multi-factor authentication (MFA) is a security process used to verify a person’s identity by using two or more different types of identifiers.
The goal of MFA is to improve security by requiring more than one method to approve a login request. This is to prevent unauthorized access even if someone knows your username and password.
As a result of heightened awareness of cyber threats, more and more customers are being asked to demonstrate their commitment to cybersecurity to their carriers. Insurance underwriters are paying attention to how companies maintain their cybersecurity and cyber hygiene capabilities.
If a company doesn’t have Multi-Factor Authentication (MFA) or data encryption in place, they are deemed “virtually uninsurable.”
Take Action to Safeguard Your Company
Find out how Mason-McBride can help protect your business and request a proposal.
For helpful tips on other popular topics, check out articles on:
- Social Engineering Scams
- Decoding E&O Insurance Policy Language
- Cybercrime Targeting Small Businesses
- Cyber Coverage Exclusions
- Cybercriminals Threat to Law Firms
Article By Jamie Parry