- Blog listing
- What Your Business Looks Like Without Multi-Factor Authentication
What Your Business Looks Like Without Multi-Factor Authentication
Keeping your company safe in the digital age takes a number of measures. However, at some point, they come down to using effective passwords. You can use every kind of firewall and antivirus software imaginable, eventually, someone needs to pick a password that’s going to hold its own. However, if your password security attempts don’t involve multi-factor authentication (MFA), that password isn’t going to do much.
Simple Passwords Are Prevalent
It’s hard to believe anyone would be so naive in this day and age as to think that simple passwords are going to do the trick. Picking a tough one that hackers won’t be able to crack is tough enough, so what are the chances something like “password” is going to do any good?
Yet, if you’re not using MFA, chances are that a number of people in your organization are trying to fend off attacks with something so simple. Last year, six million usernames and passwords were leaked online. While this is obviously a crime, it also gave data analysts plenty to work with for the sake of surveying modern security practices.
What they found confirms that you have to have MFA if you want to keep hackers at bay. 91% of the users who were looked at were using one of the 1,000 most common passwords out there. It might sound difficult to go through that many passwords for the sake of guessing someone’s, but consider a few reasons a hacker would be happy to do this:
- There’s a 91% chance they’d gain entry
- Many work in teams, meaning the work can be parsed out
- Even if it takes a whole week to try all 1,000, it will most likely be worth it
- With a little coding, a hacker could automate the process
Of course, if they started out by trying “password” and “123456”, it might not take them much time at all. That survey we mentioned found that those two passwords accounted for 8% of the total.
All it takes is one of your employees to be this negligent with their password and anyone can get inside your network. They could have access to all kinds of sensitive materials and emails. It wouldn’t even take high-tech hacker skills to pull this off.
99% of Users Will Make an Awful Password Choice
Sadly, it gets worse. 8% of those from that survey used a password that was one of the most common 10,000 options. Again, to break this down, a hacker would only need to type in all of those 10,000 passwords once to a program and then run it on your users. Typing all of those passwords out might take a day to do, but after that, they’re going to have a 99% success rate when you consider the passwords we talked about above.If the survey is reflective of the general population, 99% of your users are doing the equivalent of hiding the key to the front door under the welcome mat. Do you still feel safe? Are you confident that your company’s private information is protected?
1 in 625
Let’s run a couple more numbers to help hammer home the point of how vulnerable your business is if it’s not using MFA. Currently, there is somewhere in the neighborhood of 2.5 billion email users in the world. Now, for the sake of argument, let’s imagine that half of those users also have jobs that come with work emails. In that case, there would be 3.75 billion accounts on the planet that are being used on a regular basis.
Recall that we mentioned there were six million username and password combinations surveyed because of a leak. Well, those only account for a scant 0.16% of all username/password combinations in the world.
If we apply the above statistics to the 3.75 billion emails out there, we now find that each user has a one in 625 chance of having already had their credentials stolen.
With more and more breaches happening every week, the likelihood of someone in your organization being victimized is increasing. Right now, if you have 625 or more people at your company, it’s probably already happened.
No One Is Above Getting Hacked
Some of you may be nursing a false sense of confidence because of the nature of your organization. You might think that your company is above the risk of getting hacked. Perhaps you have rules in place that demand your employees all choose complex passwords.
Well, first of all, most companies that get hacked do too. It’s hard to imagine any business just allowing their people to pick any password they want without any guidance whatsoever and yet, “123456” still happens.
Furthermore, plenty of very successful corporations have been victimized by digital attacks. AuthAnvil’s An Introduction to Multi-Factor Authentication makes this extremely clear with the following examples.
Look at Target, for one. They suffered a breach in late 2013 that not only made them look bad to the market, but affected 70 million customers too who had their credit card information stolen. Of course, they also lost $60 million and their stock took a beating. Before the company could fully recover, the CEO actually resigned. Evernote, one of the most popular apps out there, was hit that same year. Over 50 million of their users had to reset their passwords after hackers were able to access their private information.Before the year was over, Adobe would suffer a similar fate. The famous breach saw some 150 million people get their credentials stolen.
Smaller companies may be easier to hack, but the bigger the company, the more irresistible it seems to be as a target. Either way, if you’re a business using passwords, you have to use MFA or risk the likelihood of suffering some pretty serious consequences.
Passwords will most likely always be essential to protecting your digital assets. However, if you think a single factor is enough to keep your data safe, you’ve made a potentially costly mistake. Fortunately, multi-factor authentication is affordable, effective and easy to use.