Many businesses jeopardize their financial and reputational health by going without one of the most basic cyber hygiene measures: multifactor authentication. Recent high-profile hacks at UnitedHealth Group, Microsoft and Australian insurance giant Medibank were traced to a lack of MFA, a security tactic that requires more than one identification method to log into an account.
“In today’s day and age, there’s no reason not to use some form of MFA,” said Tom Hyslip, assistant professor in the department of criminology at the University of South Florida who focuses on cybercrime and cybersecurity. “Even the minimum MFA is a thousand times more secure than just a username and password,” Hyslip said.
Sometimes companies see the cost as prohibitive or are hampered by legacy systems that can’t easily accommodate a multifactor approach. In other instances, small technology departments are juggling too many responsibilities to give MFA adoption proper attention. Some managers fear introducing extra steps for customers or employees conducting business.
Yet companies that sidestep MFA risk incurring the high cost of cleaning up after a hack that exploits weak account protections, as well as repairing reputational damage that follows a breach, security professionals say.
Here are some considerations for corporate security chiefs when rolling out MFA.
Know the options
Though some companies, for convenience, might contemplate SMS text messaging as a second authentication factor, security professionals generally prefer more secure techniques.
This story is from the December 24, 2024 edition of The Wall Street Journal.