Stop identity hacks with Multi-Factor Authentication

Phishing and stolen credentials are still among the primary threat methods in breaches, and as hackers grow more sophisticated, employees and consumers have to get smarter about the credentials they use to access digital applications. On the flip side, companies also have to focus on effectively securing access to the applications people use every day.

We’re all guilty of reusing the same passwords, but we’re also guilty of using them across both personal and corporate resources. With weak password practices being as common as they are, it’s important to implement secure tools like multi-factor authentication (MFA).

To put this into perspective, consider this scenario. An employee has a LinkedIn account, and their employer uses enterprise applications like Office 365 and Salesforce. Imagine that a hacker was able to identify that this employee works at an organization. They then log in to the user’s inbox to send messages on their behalf, opening the door to other security threats at the organization.

This type of account takeover could be prevented by implementing MFA, even if the user is using a password they use elsewhere.

Strong security measures like MFA can help to prevent these types of attacks. Today, Office 365 supports security measures such as federation and MFA to offer more secure logins.

With MFA products, your users will be redirected when logging into Office 365 to your MFA dashboard, where they enter their username and password. This time, your user must provide an additional factor to complete the login.

Mobile authenticator apps —which is one of the many factors organizations can implement—offer a simple way for end users to validate login attempts. They typically include the location, IP, and browser type that the user is connecting from to determine the risk associated with the login request, and sends a push notification when needed to verify the user.

Hackers now can’t use your user’s account because they have no way to accept the push request and falsely verify their identity.

Securing your Office 365 deployment involves more than just implementing SSO and MFA. It’s important to choose an identity and access management (IAM) solution that also includes adaptive authentication based on context. If a hacker were to try and log into your user’s account on a Tor browser, for instance, they would be denied as a result of policies that block access from Tor.

Providing an access decision based on context creates the highest form of security, without compromising the end-user experience. In an instance where a hacker tries to log in to your user’s account from a location where your business does not have an office, they would also be blocked. This is because your business has set a policy which denies access from countries in which it does not operate.

Ultimately, protecting your end users from account takeover is best accomplished when there is no password to compromise. If your user were to log in from a location where your business does have an office, there would be no box to enter a password. Your user could enter his username and be immediately taken to the next page, where he would approve the MFA prompt. In the backend, your MFA solution evaluates the device, network, and location context to deliver a secure passwordless experience.

It is so easy for a hacker to gain access to an account, so implementing MFA is a no-brainer when it comes to enterprise security. For truly robust security, an adaptive solution that can make an intelligent decision on when to allow or deny access, prompt for MFA, or provide a passwordless login experience balances the best of security and usability.

Plow Networks can help secure not just Office 365, but all your other enterprise apps.

Follow Plow Networks: Twitter, LinkedIn, Facebook, and Instagram

*This information is brought to you by our IAM partner, Okta.