What is “MFA”?

• Multi-Factor Authentication “MFA,” also known as Two-Factor Authentication, is a process that adds security for password-protected accounts.
• It requires additional information to access the account in addition to the initial password
• The three most common authentication factors are the knowledge factor, the possession factor or the inherence factor.
• Knowledge factor authentication usually requires that a personal security question be answered. This can be done by passwords, four-digit personal identification numbers (PINS) or one-time passwords (OTP).
• Possession factor authentication requires a specific item to log in, like a badge, key fob or phone subscriber identity module (SIM) card. For mobile authentication, a time sensitive code or a push notification can be sent to a mobile device, such as a cell phone. Text messages and phone calls sent to a desk phone can also be used to send the code as well as smartphone OTPs or SIM cards and smart cards with stored authentication data.
• Inherence factor authentication uses biological traits to confirm identity to These can include: retina or iris scan, fingerprint scan, voice authentication, and facial recognition.

Why should you use MFA?

• Accounts are 99.9% less likely to be compromised if protected by MFA. With MFA, even if a cyber attacker steals your password through a phishing scam or using malware that logs keystrokes, the attacker can’t access the account because they don’t have the second code.
• The OBLIC Cyber Toolbox lists Two-Factor Authentication as a top solution for additional protection to reduce email compromise and ransomware damages.
• Most insurers offering cyber liability insurance require businesses to use MFA to qualify for coverage.
• Corporate clients may require law firms to use MFA to protect the client’s confidential information as recommended by the Association of Corporate Counsel in the Model Information Protection and Security Controls for Outside Counsel Possessing Company Confidential Information.

What can you do?

• Look at security settings for your most-used accounts for options to enable MFA. Google, Microsoft, and Apple all offer tutorials for enabling two-factor authentication on their accounts.
• If MFA is not available as a security option on your accounts, find a MFA software provider. You can set up a free consultation with our cyber security liability partner, Tokio Marine to find a qualified provider.
• Enable MFA security options or install MFA software on your devices
• Train all lawyers and staff
• Visit OBLIC Cyber Toolbox for training videos and sample policies

For more information, check out these resources:

• Multi-Factor Authentication Guide
• Walk This Way to Enable MFA
• Five Steps to Securing Your Identity Infrastructure

As always, if you have any questions, please contact us. We are here to help.