In this episode of the Power Up Project, we’re going to talk about:

〉What is Multi-factor Authentication (MFA)?

〉How MFA can help you avoid cyber attacks.

〉What systems you can use MFA on.


Hey, welcome back to the Power Up Project. I am your host for this episode, my name is Ben Love. Great to have you with us. Today we’re going to be talking about multifactor authentication, otherwise known as maybe two-factor authentication, MFA, 2FA, whatever, they’re all acronyms, they all mean the same thing. Basically, it means adding another authentication step in addition to your username and password to access a system.

Now it’s very simple to do, but it’s also becoming very, very important that you do this. A lot of us have got little physical dongles from the bank that are attached to our keyring and it’s got that little code that constantly changes, so if we need to do a transfer of money from our business bank account, the internet banking site will pop up another window saying please enter your code. And that’s when you need to enter that ever-changing code from your little keyring before the transfer will be authorised. That is multifactor authentication. That’s exactly what it is.

So you are already using this on your bank accounts. But what you may not be using it for is to access other pieces of software such as Xero, your cloud accounting platform or MAIB online, or any of your Office 365 environments such as your email or your SharePoint or your OneDrive files.

Now what we are seeing across our client base is that multifactor authentication is becoming critical to the point of becoming non-negotiable in most environments because it is the single most effective thing that we’re seeing at the moment for stopping user accounts being compromised. So what would happen if your account, if your password were to be compromised somehow by a malicious party, by a hacker we’ll call them? They would know your username, and they would know your password, and they would then be able to log on to, let’s say your email.

They would then be able to log on to your email as if they were you. So we’re seeing a lot of things like this occur now. We have seen a couple of our clients targeted with this, but it’s also in the news. You might have heard about it. They’re calling it, well, you’ve heard the term phishing, which is an email spam type attack. And then there’s spear phishing where it’s an email that is sent to specific people and customised to try and get their attention and get them to click on a malicious link or compromise their security in some way.

Well the next step on that, that we’re seeing is called whaling. This is where the malicious parties identify the whales within your organisation, so that might be the CEO, the CFO, somebody with a particular authority. And if they’re then able to compromise, let’s say the email account of your CFO for example, then they could send emails around purportedly from the CFO requesting all sorts of activity, mainly that money be transferred to certain bank accounts. Now this actually is happening in real life. People are falling for this, and money is being lost with this particular approach.

But think about this. If the malicious party had your username and password to access your email to be able to send these emails, if you had multifactor authentication in place, if you had another little random security code that was constantly changing on your keyring or your smartphone app that you needed to enter into your email before you could log on, then it would not matter that that malicious party had your username and password, because they would not have your randomly changing code. So what we are seeing is that multifactor authentication is really becoming absolutely critical, especially for those people in an organisation who have the most authority, who have the most access to different systems.

So what I really want to encourage you to do after you finish listening to this episode is have a think about where in your digital existence you are currently using multifactor authentication. You’re almost certainly using it in your internet banking for your business bank accounts. But are you using multifactor authentication to log on to your accounting system or to log on to your email? Or to log on to OneDrive, where you keep all those HR documents? Or to log on to any of these other online platforms that are crucial to your business?

If you’re not using multifactor authentication in those places, please think about turning it on. It is very easy to turn on, there are instructions that you can very easily google, otherwise of course, call your friendly, handy IT company for help. In most cases, all it requires is a couple of setting changes to your account within the application in question, and an app on your smartphone, such as the Google Authenticator App or the Microsoft Authenticator App. And it literally is as easy as that. It will slow you down logging on to these applications by all of maybe four or five seconds, but the big leap forward that you will take in how secure your accounts are is well and truly worth that four or five seconds worth of log time.

So in summary, people, we now know what MFA is, and you now also know that it is critical that you look at your platforms, you look at what you’re using, and you turn on MFA wherever possible.

Thanks for listening to this episode of the Power Up Project, brought to you by Grassroots IT and Digit IT. Please leave us a review wherever you get your podcasts, and until next time keep powering up.
