Back to Basics – Why MFA? (pt.3) | Smart Thinking Solutions

In this third part of my MFA mini-series, I am going to look at some of the resistance that we get when trying to implement multi-factor authentication.

MFA – It is like medicine that tastes bad

In the first part of this series, I briefly explained the highlights of why MFA is a key part of any cyber security. Your own personal one-time-password (OTP) between you and the hackers. That extra security if your credentials have been compromised. So you would think everyone would be flocking to set it up…

Well no. MFA is like bad tasting medicine, you know it is going to do you good but you do not like it. Or better still MFA is the wholemeal bread when you are asked if you want your bacon* sandwich on white or wholemeal bread – you are going to order the white bread but you know the wholemeal is better for you.

People just do not seem to like MFA and this is confirmed by our support team. When they are on the ground implementing MFA there are always complaints and excuses why users do not want to use it.

This is a problem I have had to solve.

Back to Basics – Why MFA? (pt.3) — *Make MFA Work*

Some ideas to make MFA an easier fit

Here are my three top things to make MFA work for you.

Get the buy-in of your team

Explain how this will benefit the organisation but illustrate it by showing how MFA secures their Amazon account. This is usually done pre-rollout.

Explain the App

Most of our clients rely on the authenticator app installed on the user’s personal phone, so accept either Google’s or Microsoft’s authenticator app. Relating your cyber security to their cyber security will help convince them to install an app for you on their phone.

Training

Demonstrate and write down the “how to”. Make sure that MFA help is always available. Remember you need this essential security step to work all the time.

One more thing about MFA…

No matter what happens never turn off MFA for systems such as your Microsoft 365, even for just one person, no matter what the excuse is.

Phishing.

Clive Catton MSc (Cyber Security) – by-line and other articles

* Insert vegan, veggie or other meat filling of your choice here.

Summer Cyber Security Webinars

The summer webinar series has started. It is not too late to sign up for the rest of the series and then you can get access to the recording of the episodes you missed.

Hack Me If You Can! What’s your excuse? – Sign Up Here

Photo by Andrea Piacquadio

Cookie	Duration	Description
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.

Back to Basics – Why MFA? (pt.3)