In today’s digital world, multifactor authentication (MFA) is an essential part of a robust digital hygiene routine. However, it’s easy to become frustrated and fatigued by the growing prevalence of MFA. Constantly having to disrupt your focus to check phones, emails, or devices for codes and links can feel tiring and unnecessary. Despite this, MFA is here to stay, and its importance cannot be overstated.
As MFA usage increases, so do the tactics of malicious actors. One emerging threat is the MFA fatigue attack. This social engineering attack preys on people’s apathy towards MFA by bombarding them with multiple texts, emails, or notifications containing clickable “approval” links. The goal is to bury the real authentication link and trick users into clicking a malicious one. Unfortunately, these attacks can be effective; for instance, Uber was compromised in September of 2022.
MFA comes in three types, and it’s important to understand not only what they are, but how they are used:
- MFA Type 1: Something you know. This is the most common type, relying on PINs, passwords, or security questions.
- MFA Type 2: Something you have. This type is growing in popularity and includes sending texts, emails, or using an authenticator app or device to access an account.
- MFA Type 3: Something you are. This type involves biometrics, such as using your face or fingerprint to unlock your phone, or digital biometric locks for flash drives, computers, and other devices.
While the necessity of strong passwords is crucial, this post will focus on Type 2 MFA, as it is the most likely to cause fatigue and apathy. The extra step adds a level of inconvenience to your daily routine, and it can be tempting to skip it or find ways to avoid or disable it. However, doing so can create a weak point and compromise your digital safety.
Here are some tips to make MFA seem less daunting and more manageable:
- Build the habit: Repetition is key. After going through the process often enough, it will become a habit that you no longer think about. Consider chaining the MFA habit to something pleasant, like rewarding yourself with a sip of coffee or a favorite drink, or glancing at a photo on your phone or in your office that makes you happy. By going through the same process multiple times a week, or even multiple times a day, it will soon become second nature.
- Consider an MFA hardware token: Depending on your use case, a hardware token may help. This is a physical device that generates a one-time code or passphrase, or in some cases uses proximity or contact to allow access. A Common Access Card (CAC) is one example of this.
- Discuss with coworkers: Everyone has to go through similar processes; consider asking coworkers how they avoid fatigue and motivate themselves. Avoid sharing specific information that may allow a bad actor insight into potential MFA weaknesses, but encouraging yourself and others around you to maintain healthy digital security habits is always a positive.
MFA is an essential part of any enterprise’s risk management plan. It helps prevent unauthorized access and allows users more secure access to technology. To learn more about how Sentar can help you improve your cybersecurity infrastructure, check out our Solutions page or contact us through our website to learn more.
Stay vigilant and stay secure!
By Sentar, your trusted partner in cybersecurity.
Additional Resources: