What Kind of Fool Am I (That Doesn’t Use MFA)?
October 7, 2020
Those of you of a certain age will remember the song “What Kind of Fool Am I?” That song was about love, but for Pete’s sake, why is it that some lawyers keep insisting that they won’t use MFA (multi-factor authentication)?
Thanks to our good friend Ben Schorr (who works at Microsoft) for sending us an August 7 Microsoft update on why multi-factor authentication is so critical. It is short, sweet and should be read by anyone who has resisted multi-factor authentication (and there are a lot of you!).
From the post:
“When you sign into your online accounts – a process we call ‘authentication’ – you’re proving to the service that you are who you say you are. Traditionally that’s been done with a username and a password. Unfortunately that’s not a very good way to do it. Usernames are often easy to discover; sometimes they’re just your email address. Since passwords can be hard to remember, people tend to pick simple ones, or use the same password at many different sites.
That’s why almost all online services – banks, social media, shopping and yes, Microsoft 365 too – have added a way for your accounts to be more secure. You may hear it called ‘Two-Step Verification’ or ‘Multifactor Authentication’ but the good ones all operate off the same principle. When you sign into the account for the first time on a new device or application (like a web browser) you need more than just the username and password. You need a second thing – what we call a second ‘factor’ – to prove who you are.”
Probably the most important point is that you do not need to use the second factor every time. You can make your phone and laptop “trusted devices.” If the bad guys know your ID and password, but try to access your account from another device, they will need that second factor. Statistics show that using MFA stops over 99.9% of all account takeover attacks. It doesn’t get much more persuasive than that.