Multi-Factor Authentication is Not an Option!
If you’re like me and like things simple, then you can relate to my story. You wake up in the morning, make a cup of coffee, turn on your new laptop, and catch up on the news, before you start your day. You decide you want to order something. So, you go to sign into your favorite shopping website, that you have been on a hundred times before, and that is when it happens. You enter your username and password but it prompts you for addition security information. This is so annoying. This is Multi-Factor Authentication (MFA). It may be annoying but let me tell you, Multi-Factor Authentication is not an option.
Why is multifactor Authentication important?
Without it, you are more vulnerable to having your identity or sensitive information stolen, because there is only one layer of protection. To this point, If someone or something, other than you, is trying to sign into your account, they only need your username and password, to gain access.The combination of a username and password is considered one factor of authentication. However, by adding other forms of authentication, you add more layers of protection. This is referred to as Multi-factor Authentication.
Multi-factor Authentication works by adding one or more unique pieces of information to your account. This is information that only you have exclusive access to, or have knowledge of, like an answer to a specific question, email account, or mobile phone. In order to get access to your account, you need to enter this additional information at time of signin. In turn, each thing added, makes it more difficult for someone else to access your sensitive information. Therefore, by adding this additional layer of security, you make access to your information better than just your username and a strong password.
How do you know that you have Multi-Factor Authentication turned on?
For some sites, like banking websites, MFA is not even an option, it is always required. For other websites, there are a few methods that you can use to see if that site is using MFA. The first method is to simply check the settings on that site. The location of the MFA setting are site dependant. But, most of the time, these settings are where you would expect to find them, somewhere under your user profile. The second method is to sign into that site with a new device. When it prompts you for additional security information, you know MFA is on.The final option that I propose is to clear your “Cookies” for that site, then sign in and see if you are prompted for additional security information.
If MFA is available and on then you are done. If MFA is not available and the site wants to store information, that you may not feel comfortable if it is released, then find an alternate solution. Otherwise follow the site instructions and turn it on.
What about at work
When you are looking at your automation information remotely, you need to be utilizing both Multi-Factor Authentication (MFA) and encryption. Make sure all your solutions for remote access; including software applications, cloud based, application, or add on web solutions, incorporate both of these. For an industrial, cloud based solution, MFA is mandatory.
Achieving this level of security for an industrial application is very challenging, especially if you are working with an older system. Some local automation specialist can help implement a secure solution and some have very little experience when it comes to the proper implementation of a remote monitoring solution. Select your solution carefully.