Why You Need MultiFactor Authentication

Steve Ripper and Dave Hodgdon from Portsmouth Computer Group (PCG) discuss the need for multi-factor authentication and cyber security.

Mike: Steve Ripper and Dave Hodgdon joining us from Portsmouth Computer Group. Today, we’re going to talk about something, which I think you have mentioned before many times, it’s what they call the multifactor authentication. Did I say that right? I don’t know.

Dave: Authentication. Yeah.

Mike: Authentication, yes. And this is the newest security method, especially now, since people are working from home and are people now a bigger target for cyber attacks, Dave, because they’re working from home?

Dave: Absolutely, Mike. We spoke about that before in the home environment, I don’t think we’re as keen or as I mentioned before, our guards are up. That the kids are there, you’re doing homework, you’re working from your home machine might not be as locked down as if at work. So these machines, you could be online doing some shopping, you could be on Amazon, you could be on your Facebook. There are many things that you might not normally be doing at the office. So that home machine is at a much higher risk, and I anticipate cyber attacks exploding in the next one to three months.

What is MultiFactor Authentication?

Mike: Wow. So let’s talk about this multifactor authentication here, Steve. What is it and why do we need it?

Steve: So the whole point of multifactor authentication is all of these industries, Mike, gave everybody all these log-ons. So everyone’s got these log-ons. They put their username and usually their email address and then their password. So Amazon, Zoom, you know Zoom’s big right now, your computer, the software Office 365. So you’re giving them all these log-ins, but that means that anyone else if they get your log on, can also log in as you. So the industry, we really needed a way to kind of say, “Listen, we need a second method for you to prove that you’re you.”

It’s not just enough that the password. Passwords are important. We’ve talked about having long, complex passwords instead of simple ones, but it’s really not enough. So what multifactor authentication does is it allows us to set up, you have a second device, usually your phone, everyone’s got a smartphone in their pocket these days. So it’s a perfect vehicle for this second level of authentication, where when you log in, it’s going to send you a text or code. You’re going to enter that in and that proves that you’re you and the hacker doesn’t have this second thing. So they can’t go and be you.

Mike: Now I have that here on my setup here at the radio station, and I have to have my phone though. Because with my phone, I mean, the way I set it up was I type in my password to get online and then it sends me a code through my phone. Now, if people don’t have phones, are there ways to do that as well?

Steve: There is. So a lot of times for whatever service that you’re doing this for, and you do have to do it, you can’t do it universally or globally, you have to do it for each service. So you have to go in like Amazon, you have to go into Office 365, you have to go into your bank and set it up individually. But when you’re in there, Mike, there’s going to be several choices. There’s basically three, there’s an authenticator app that you can download and that makes the process simpler. It will send it and the app will just notify you and you hit the button and you go in.

The other one is a text. So you can, as you mentioned, it’ll send you a text message and you read the number out of the text message and type it in. The third method if you don’t have a cell phone, is you can set up a phone number where it calls you, so that when you go to log in the phone maybe next to your PC will ring. You answer the phone and when you answer the phone, that is an authentication method because you’re the only one who can answer the phone, and it’ll let you in.

Mike: Interesting, interesting. So this is the way to stop the hackers because this is the two step process to get into your accounts to make sure that you are definitely you, right?

Steve: That’s correct.

Dave: Absolutely. Even last night I had one of my products I was in consistently and for some reason, I just had one of those old-timer brain seizures and I forgot what it was. So they reset it and they confirmed in my settings, it actually tried calling me and text me. I had two options and I was putting it back in, but it’s a great way, because I was looking at some accounting information and I had logged in for around three months, I thought I knew what the password was and I forgot and then reset it. But once I knew it was me, it sent me to confirm this is you. So it is what you need to do, Mike, to lock down all your, especially all your key applications. That’s what they’re looking for.

Authenticator App

Mike: Yeah. Yeah. The authenticator app, is that readily available?

Steve: It is readily available. There’s two flavors. The most used one is the Google authenticator. So again, these are free. They’re in the store, so if you’re in your iPhone store or your Android Play Store, the Google Play Store. So those are free. Google authenticator app is the most popular. So most of the companies that maybe don’t have their own, Mike, are going to use that one. For example, Amazon uses the Google authenticator. And so, many banks will also use the Google authenticator. Some other companies that are bigger, like Microsoft, Microsoft has their own. So if you’re doing Office 365, you can use the Microsoft authenticator.

Mike: Sure.

Steve: And then there’s a third party player where those two don’t cover it. And that’s Duo. Duo authenticator is also a free one and many companies will use that one.

Mike: Pretty good, pretty good. That’s the wave of the future, most companies have these nowadays?

Dave: Absolutely. I mean, it’s a necessity right now. You’re finding that if you don’t have it, you’re at risk. And if you’re not using it right now, you should, especially since the Corona has hit, we’re all working from home. But it’s something you should be setting up with each of your vendors. Some vendors don’t have it built in, Mike, and that’s where some of these third parties that you can add it. Steve had mentioned the Cisco Duo. You can add their particular application to certain applications. You might have an accounting or financial that is not naturally built in.

Mike: Sure.

Dave: And then you would just add this service on top of that to give you that dual back-up authentication.

Microsoft 365 and MFA

Mike: All right. So as far as I know though from what you said the MFA is a free option with Microsoft 365 subscription. Is that correct?

Steve: That’s correct. It’s built into it, Mike, you don’t have to pay any extra. You just have to turn it on. So your IT department may have to go in and set it up, but it’s a free part of the whole thing. And it’s so critical right now, this second level of authentication. All the hackers out there, they know, so a lot of the workforce, Mike, and we’ve been talking about this through this whole event, while the workforce would get in their car and drive to the office. So they’d step inside the door of the office, sit down with their computer. So they were already protected by many of the things the networking has been putting at the office.

Mike: Correct.

Steve: The hackers know that now, so many of the people are just logging in from their home. So they’re immediately getting up. We just talked about this at the top, go downstairs, the commute is great. But the minute that they get onto their machines, they’re logging into things. And the hackers know that, so it’s so important now to start really thinking about security. Everyone’s really, the attack surface has gone global.

Mike: Wow.

Dave: And your email is such one of the biggest targets and as Steve said right there in your house, Mike, you’re not really behind a certain firewall or various layers of security. You just could be logging on your machine.

Mike: I see.

Dave: At some point, you might log into a VPN or hit your office, but your machine could have already been compromised by you doing something and then they just kind of tag along with you. So it is just, I feel my tip of the day for everyone is just be very cognizant of everything that you’re doing. Be vigilant about the emails coming in. And if anything looks suspicious contact your IT department and just don’t do things that don’t look the norm. There’s more and more creative ways these guys are trying to get to us now they know we’re vulnerable.

Mike: There you go. All right. If you want to learn more about multifactor authentication and how this can help your company and secure your data, call Dave, Steve, one of the PCG MFA security experts to learn more. They’re available 603-431-4121, 431-4121. You can check them out pcgit.com, Portsmouth Computer Group, all part of our Tech Tuesday. Thank you, Dave. Thank you, Steve. Good to talk to you again. We’ll talk to you next week. Be well and be healthy, my friends.

Dave: Our pleasure-

Steve: Thanks, Mike. Stay safe.

Dave: Our Winnebago technology van will be on your way.

Mike: I’m looking forward to that big thing. We’re going out on a road trip, but once we get the-

Dave: Road trip, baby.

Mike: Once we get the go ahead. Once we get the go ahead, we’re going on a road trip. Thank you guys.