How to Protect Your Accounts with Multi-Factor Authentication
MAF Image

How to Protect Your Accounts with Multi-Factor Authentication

Multi-factor Authentication (MFA) protects your environment by guarding against password weaknesses with strong authentication methods. In today’s blog, we’re unpacking why MFA is a cornerstone topic in this year’s Cybersecurity Awareness Month and how it can keep your organization safe from potentially devastating cyber-attacks.

In our last blog, we discussed using strong passwords and a password manager to provide better defense at the first layer of the authentication process. Multi-factor authentication is something many of us encounter in our online lives in conjunction with passwords. We’ll take a closer look at what MFA is, why we need it, how it strengthens identity verification, and how you can enable it with Cisco Duo.

What is MFA?
The use of username and password credentials for authentication began decades ago and worked “good enough” until cyber criminals found ways to exploit them. Those exploits continue to this day. A recent study by Cisco Duo and sponsored by ESG – Passwordless in the Enterprise – found that 76% of organizations experienced multiple account or credential compromises over the past year.

We know that passwords don’t work. Some key reasons include:

  • Users must create and remember them, so they tend to pick shorter, less complex strings, and they often require helpdesk support to fix problems.
  • They are cumbersome for users to enter repeatedly, especially on mobile devices and tablets.
  • They are shared, so not only does the user know them, but so does every site they need to log onto, which is a big risk.

Subsequently, a whole industry was created around guarding against the weaknesses of passwords in the form of multi-factor authentication.  Those “multi” factors can include:

  • Something You Know – A Password, Passcode, etc.
  • Something You Have – A Computer, Mobile Device, etc.
  • Something You Are – A Fingerprint, Face ID, etc.
  • Something You Do – Keyboard Typing Cadence, etc.
  • Some Location You Are At – Device Geolocation, etc.
  • Some Time You Are In – Time on the User’s Access Device, etc.

Aside from being inefficient and a weak form of authentication, the big problem with the “something you know” factor (namely passwords) is that it must be shared with every site where it is used for authentication and is frequently also known by cyber criminals.

Cisco Duo and MFA
Duo protects against breaches with a leading access management suite that provides strong risk-based multi-factor authentication, multi-layered defenses, and innovative capabilities that allow legitimate users in while keeping bad actors out.

For any organization concerned about being breached that needs a solution fast, Duo quickly enables strong security while also improving user productivity. It prevents unauthorized access to any application, for any user and device, from anywhere.

It’s designed to be easy to use, administer, and deploy, and to provide detailed and actionable visibility and controls. What are some of the flexible authenticators Duo offers to secure customer environments?

Biometrics – Typically associated with “passwordless authentication,” this authenticator option is the gateway to verifying via “something you are” and “something you have” (i.e., a registered device). And in conjunction with the FIDO2 standard, this is one of the strongest and most phishing-resistant authenticators available.

Security Keys – This portable “something you have” authentication method meets FIDO2 standards and gives users the flexibility to move between devices. It also gives organizations the trust that comes from knowing the user is in possession of the authenticator.

Duo Push & Verified Duo Push – This provides MFA through the Duo Mobile app on user smartphones, either with an easy touch approval or with number matching for additional phishing protection.

Wearables – Extend portable authentication capabilities through smartphones to a user’s wrist, allowing them to get the security benefits of MFA with an uncomplicated user experience.

Soft Token – Provide a one-time passcode (OTP) through the Duo Mobile app on user smartphones. Duo supports local MFA for Windows and MacOS endpoints. Soft tokens are also a good option for offline authentication.

SMS – Short Message Service (SMS) is a popular communication channel for brief messages and can be used for authentication. It is easy to implement, yet susceptible to phishing when codes are copied and pasted.

Hardware Tokens – While they were a popular “something you have” method early in the history of MFA, they are more of an alternative method these days. This is in large part due to issues with provisioning and recovery and because they are susceptible to phishing.

Phone Call – For environments with users that cannot or do not have smartphones or access to devices with biometrics, phone calls can serve as a last-resort MFA method.

In Summary
MFA is an effective way to verify user identities and protect your environment. Intuitive to configure, fast to deploy, and user-friendly, Duo MFA lowers the total cost of ownership, decreases the risk of breaches, and improves user productivity.

It allows organizations to increase security and improve experience at the same time. Duo exemplifies Cisco’s commitment to securing the enterprise: “If it’s connected, it’s protected.”

Try Duo today!
Contact Citynet for a free 30-day trial and see how easy it is to get started with Cisco Duo MFA and secure your workforce from anywhere and on any device. Give us a call anytime at 1.844.CITYNET (844.248.9638) to learn more or to set up your free trial.

Like this article?

Share on Facebook
Share on Twitter
Share on Linkdin
Share on Pinterest

More Posts

MFA to Zero Trust Image

How to go from MFA to Zero Trust

Increased connectivity, coupled with the rise of remote and hybrid work, is prompting organizations to evolve their user access security and make strides toward a

Cybersecurity Training Image

Yearly Cyber Training Doesn’t Work

If you’re sticking to once-a-year sessions for your employees, it’s time to rethink your approach. Let’s face it, it’s likely dull and uninspiring. And if

Fact vs Myth Image

Debunking 5 Common Internet Myths

In the vast landscape of the internet, myths and misconceptions often abound, shaping our perceptions and influencing our online behaviors. At Citynet, we’re committed to

SuperPod with WiFi 6E

Plume SuperPod WiFi 6E Specs

SuperPod with WiFi 6

Plume SuperPod WiFi 6 Specs


Plume SuperPod Secs