Using multi-factor authentication
Multi-Factor Authentication (MFA) is the process of signing in to an account using two pieces of information. Normally this is a password and a unique code obtained from a phone. Either via a text message or from an MFA app. MFA prevents account compromise as it is less likely attackers will have access to an account password and the MFA device.
Why is it important?
Accounts are valuable. Controlling who has access to them is important, especially within the context of organisational security.
Most accounts are protected with passwords. Passwords are an example of something you know. The issue with passwords is that they can be weak, leaked or guessed.
Multi-factor authentication (MFA) requires another piece of information, something you have or are. This information is harder to compromise. MFA can be set up in various ways but they all make an account more resilient.
Priority Tier
Behaviours in SebDB are ranked by their impact on risk. Tier 1 behaviours have the biggest impact, Tier 4 behaviours the least.
Risk Mitigated
Account Compromise
Account compromise happens when unauthorised people access them.
Further reading
https://www.cybercc.gr/m/filer_public/2015/03/30/eurosec15.pdf https://www.wired.com/story/two-factor-authentication-apps-authy-google-authenticator/ https://www.ncsc.gov.uk/guidance/setting-two-factor-authentication-2fa https://go.gale.com/ps/i.do?p=STND&u=bu_uk&id=GALE|A599697922&v=2.1&it=r&sid=STND&asid=ee245c71