Multifactor Authentication

As noted in our post, Understanding Your Cyber Coverage, minimum standards must be in place in order for you to be eligible under the Mandatory Cyber Program. This includes:

• Backup Controls

• Patching

• Anti-Virus/Firewalls

• Multifactor Authentication (MFA)

• Email Scanning

• Employee Awareness Training

While all these minimum standards are vitally important and should be seen as good practice for any firm or organization, our focus for this post is on multifactor authentication (MFA), also called two-factor authentication (2FA).

MFA is an authentication method that requires the user to provide two or more verification factors to gain access. This security enhancement requires two credentials. For example, a password plus a phone or app code required to prove your identity to gain entry. MFA must be enabled on email accounts and for remote network access (also known as VPN or Virtual Private Networking, or remote desktop access).

MFA is required because hackers are gaining unauthorized access to networks by stealing login credentials, often times through phishing. By requiring multi-factor authentication, you drastically reduce the likelihood of an unauthorized third-party in possession of a username and password from accessing your computer email and network.

Looking for help setting up MFA?

• If you use Office 365, click here for instructions on setting up MFA.

• If you use Gmail, click here for support on MFA.

• If you use an email system other than Microsoft or Gmail, you should contact your service provider for guidance on turning MFA on.

The Law Society of Saskatchewan Bite-Size CPD also has two useful episodes to assist:

• Two-Factor Authentication (Episode 9)

Even if you use good passwords, there is a way of locking down your accounts even more. In this edition of Bite Size CPD, Craig Zawada, Q.C., discusses what 2FA is, and why it is so effective.

• Are You Using the most Secure 2FA? (Episode 81) 

Multi-factor/two factor authentication is one of the best ways of locking down your accounts against attackers. But some forms are weaker than others, and this episode of Bite Size CPD discusses how to maximize your protection.