Multi-Factor Authentication: As Easy as Washing Your Hands!

By

How many times a day do you wash your hands? If you think this seems like an absurd question, and totally unrelated to security, you’re wrong… kind of. How are security and health connected? Both require good personal hygiene, a concept as familiar as washing your hands or (you guessed it!) brushing your teeth.

So, what is cyber hygiene, and how can you get better at it? Cyber hygiene can be thought of as best practices, often simple in nature, that keep your systems healthy and your data secure. These best practices are part of a defense in depth strategy — a strategy that ensures there are multiple layers of security so that if one layer fails, another will be there to protect everything. One of the most important, and simplest, cybersecurity best practices is using multi-factor authentication (or MFA, also referred to as two-factor authentication) to secure access to user accounts. MFA asks the user to take an extra step in the login process every time they log in (the hygiene part), but provides an extra layer of protection from intruders that is very difficult to get around.

MFA delivers this extra layer of protection against common security threats by requiring users to verify their identity with two or more pieces of evidence (or factors). These factors are typically something the user knows, such as a username/password combination, plus something they have in their possession, like the code from an authentication app on a mobile device.

You probably use MFA all the time without realizing it. A familiar example of MFA is the process of withdrawing money from an ATM. Your ATM card is something you have, and your PIN is something you know. See, you’re an MFA expert already!

While MFA has become the standard for securing user access in more technical circles, it’s still not widely adopted by the rest of us. Which is a shame, because MFA also protects users from some of the most common cyberattacks, such as phishing and credential stuffing. Just because you’re working from home doesn’t mean hackers are taking a break from their jobs. In fact, there has been a notable uptick in cyber attacks since the beginning of the COVID-19 pandemic.

Many phishing campaigns unfortunately target users with hooks that play on vulnerable situations, like the pandemic or challenges related to working remotely. Researchers at Google estimated that phishing websites increased by 350% between January and March 2020, and mobile phishing attacks went up by 37% this spring, according to a June 2020 report.

What’s clear is that your data is still just as valuable to hackers, even though you’re working from home. Luckily, a great way to combat common cyberattacks like phishing is by setting up MFA!

We’ll go into how to begin rolling out MFA to your users in part two of this series, but if you’re interested in learning how to set up MFA for yourself today, check out our new MFA for Admins Quick Guide.

Image of Mia Pacey next to text that says "Skills for Success: Security Management."

Hone Your Security Management Skills as a Salesforce Admin

As Salesforce Admins, we work with important data and have a powerful platform at our fingertips. But as the saying goes, with great power comes great responsibility. You, as an admin, must promote a culture of positive security controls, protect your organization’s data from unauthorized access, and be security responsible. You play a crucial role […]

READ MORE
Green meadow and text that says "Admin Configuration Kit: Security & Visibility."

Design User Security and Visibility with This Admin Configuration Kit

What’s an Admin Configuration Kit? Let’s set the scene. You’re an admin. You’ve talked to your users. You know what they want, functionally, but you don’t know how to configure it. You don’t even know what you’re supposed to configure! Normally at this point, you’d start searching Google, Help & Training, Trailhead, the Trailblazer Community, […]

READ MORE
Ruth and Cloudy having a picnic next to text that says "Learn MOAR: #5 Event Monitoring."

Learn MOAR in Spring ’22 with Event Monitoring 💻

Follow and complete a Learn MOAR Spring ’22 trailmix for admins or developers by March 31, 2022, 11:59 p.m. PT, to earn a special community badge and enter for a chance to win one of five $200 USD Salesforce Certification vouchers. Learn how to participate and review the Official Rules by visiting the Trailhead Quests […]

READ MORE

Have an Idea for a Story?

We are all about the community and sharing ideas.
Do you have an interesting idea or useful tip that you want to share?

SHARE YOUR IDEA