Multi-Factor Authentication: As Easy as Washing Your Hands!


How many times a day do you wash your hands? If you think this seems like an absurd question, and totally unrelated to security, you’re wrong… kind of. How are security and health connected? Both require good personal hygiene, a concept as familiar as washing your hands or (you guessed it!) brushing your teeth.

So, what is cyber hygiene, and how can you get better at it? Cyber hygiene can be thought of as best practices, often simple in nature, that keep your systems healthy and your data secure. These best practices are part of a defense in depth strategy — a strategy that ensures there are multiple layers of security so that if one layer fails, another will be there to protect everything. One of the most important, and simplest, cybersecurity best practices is using multi-factor authentication (or MFA, also referred to as two-factor authentication) to secure access to user accounts. MFA asks the user to take an extra step in the login process every time they log in (the hygiene part), but provides an extra layer of protection from intruders that is very difficult to get around.

MFA delivers this extra layer of protection against common security threats by requiring users to verify their identity with two or more pieces of evidence (or factors). These factors are typically something the user knows, such as a username/password combination, plus something they have in their possession, like the code from an authentication app on a mobile device.

You probably use MFA all the time without realizing it. A familiar example of MFA is the process of withdrawing money from an ATM. Your ATM card is something you have, and your PIN is something you know. See, you’re an MFA expert already!

While MFA has become the standard for securing user access in more technical circles, it’s still not widely adopted by the rest of us. Which is a shame, because MFA also protects users from some of the most common cyberattacks, such as phishing and credential stuffing. Just because you’re working from home doesn’t mean hackers are taking a break from their jobs. In fact, there has been a notable uptick in cyber attacks since the beginning of the COVID-19 pandemic.

Many phishing campaigns unfortunately target users with hooks that play on vulnerable situations, like the pandemic or challenges related to working remotely. Researchers at Google estimated that phishing websites increased by 350% between January and March 2020, and mobile phishing attacks went up by 37% this spring, according to a June 2020 report.

What’s clear is that your data is still just as valuable to hackers, even though you’re working from home. Luckily, a great way to combat common cyberattacks like phishing is by setting up MFA!

We’ll go into how to begin rolling out MFA to your users in part two of this series, but if you’re interested in learning how to set up MFA for yourself today, check out our new MFA for Admins Quick Guide.

How to Use UX Principles to Shape Your Security Model

How to Use UX Principles to Shape Your Security Model

Congratulations! Your organization, Awesome Admin Automotive, made the investment in Salesforce. You’ve absorbed so much great content and can’t wait to dive right in and try out all the new bells and whistles! While it’s a very exciting journey ahead, as Simon Sinek’s book “Start With Why” suggests, it’s important to first take some time […]


Have an Idea for a Story?

We are all about the community and sharing ideas.
Do you have an interesting idea or useful tip that you want to share?