By Zach DeMeyer Posted January 6, 2020
Although the password is a ubiquitous security measure, recent security breaches show us that the password by itself isn’t nearly strong enough to protect the entirety of an organization. In fact, compromised credentials represent the number one attack vector hackers use to exploit businesses. That’s why adding multi-factor authentication (MFA) to Windows® system logon is one of the most important measures an IT admin can take.
What is MFA?
Multi-factor authentication, also known as two-factor authentication (2FA), requires a user to provide an additional factor beyond the usual username/password combination to supplement security for authentication processes. Some types of MFA factors include a time-based one-time password (TOTP), a physical token, or a biometric identifier.
In other words, MFA requires end users to provide something they know (credentials/password) along with something they have (TOTP/token) or something they are (biometrics) in order to authenticate securely to a resource. That way, even if a hacker compromises a user’s credentials, said hacker will have a significantly harder time leveraging them in an attack.
Why Windows MFA?
So why are passwords the main target of attack? Security news outlet welivesecurity found that ‘12345’ and ‘password’ were among the most-used passwords of 2019. Add to that the fact that 61% of people reuse passwords like these across multiple resources, and it’s no surprise that hackers utilize passwords as a go-to for exploiting organizations. Additionally, studies show user systems are the second target for cyberattacks.
In the current system landscape, Windows remains the most popular OS — the rise of Mac® and Linux® in the enterprise notwithstanding. Given the fact that passwords and systems are the two top targets for hackers, it’s safe to say that Windows system passwords are incredibly susceptible to attacks.
So, if a hacker compromises a Windows system in any way (e.g., theft), a password cannot act as a system’s sole source of protection. By adding a deliberate layer of security through MFA, admins ensure a compromised system will not present a source of ingress to the organization. Combine that with full …