Multi-factor Authentication - the importance to you and the organization
It's very simple. We apply the "zero trust" principle here. Devices should not be trusted by default. We don't trust anyone by default. Not even a device. Whatever device you use and whatever application is involved, you have to log in with your password. And you know it. You know that you shouldn't use easy-to-guess passwords, that you often forget them if you don't keep track of them anywhere, and that there shouldn't be too many routine/similar passwords. The goal of MFA? Security! And preventing data breaches.
So how do you log in now? And what is the best way to do that for yourself and the organization? Initially, we lock out. That means we check that it's really you who wants to log in to your device. And then how we check that, we need a process for that. With Multi-factor Authentication, there are multiple ways to do that. Think of confirmation via SMS (this way is less secure, because they are more susceptible to spoofing and phishing), the mobile authentication app or logging in with your face ID or fingerprint.
TIP from Joe: always check if you made the request yourself before accepting.
Within TeamValue, for example, we also monitor with Azure Sentinel how colleagues are logging in in terms of authentication. This allows us to measure how secure our organization is in terms of logging in. It can be seen that the majority do so with the mobile app or through face ID. Want to read more about this. Check out A picture is worth a thousand words - visualizing your data. - Microsoft Sentinel 101 (learnsentinel.blog) or keep following this blog series because Hendrik will soon be taking a deep dive into monitoring with Azure Sentinel.
4 simple steps that will keep your passwords safe
We put together a short roadmap for you to check immediately if you are safe enough and otherwise that you know what to take immediate action on.
- Set MFA. Logical but still there are plenty of people who have not done this individually. Make sure you install it not only on your work devices but also on your own devices. Minimize the chance for hackers to get to your data!
- Use a Password Manager. One example is LastPass, but of course there are many others. The importance of this? You keep everything safe in the proverbial vault. Also, logging in with a Password Manager is many times faster because they are entered automatically. Win-win right?
- Then also have your passwords generated by your Password Manager. If you use such a tool anyway, let the system work for you and use the standards and password suggestions you get. The system can come up with that much better than you can and turn it into passwords with a good character and number combination. Often, the longer the password, the more time it takes for a hacker to crack it.
- Make sure your passwords are all different. Perhaps an open door, but if someone does get access to your credentials, make sure they can't just log into other systems using the same password.
Want to know more?
- LastPass reports hack, but password resets are not needed - Computer - News - Tweakers
- Security advisory warns of leaked passwords - appletips
Microsoft Defender for Cloud - MFA is worth at least 10% of your secure score
So far you found tips on what you can check as an organization and what you can do as an individual to keep your passwords as secure as possible. Did you know that Microsoft Defender for Cloud also gives you plenty of tips to get the so-called secure score up? Setting up MFA already accounts for 10% of the value. Want to know what to do as an organization for that other 90%? Then keep following this blog series in which Marco explains which other recommendations you can apply to get that ISO 9001/27001.
Last tip from Joe: MFA and Password Managers are there for a reason. Use them! Otherwise, sooner or later, you'll have your turn. And believe us, in this case, prevention is better than cure. So do you still have passwords with Hello123? Then change them immediately with your Password Manager 😉
A little chat?
Do you have a data, cloud or IT transformation challenge? We'd love to think with you. Please contact us without obligation.