Inescapably, and quite rightly, we encounter many ways to access our online accounts each and every day. Our emails, text messages and other personal, device-led accounts are usually quick to let us in. But where we are accessing third party accounts such as the bank, retail and medical information (for example), we have to jump through a few hoops.
What is multi-factor authentication? Otherwise known as multi-factor authentication, these hoops might arrive in the form of a texted code, some security questions, a code via an authenticator app and other means. At some point in the not-too-distant future, multi-factor authentication will become mandatory.
Is MFA mandatory? Within Docsafe we employ several layers of security. Currently our multi-factor authentication is either mandatory or opt-out. This means that you can offer your own clients the choice of incorporating it or not. We’ve created the option as some clients prefer not to insist on it for their own clients. Some of the reasons include speed of access, interrupting their workflow and, yes, it adds another stage to the access process. However, we don’t believe that any of these reasons are good enough to beat that of having your account secured with the ultimate weapon against criminal cyber activity.
Why worry? Data leaks happen and that means that our passwords are vulnerable. And as we often have the same password for a number of accounts it’s obvious that a data leak will expose your password and potentially open the floodgates to your whole online life. Dramatic? No, it’s honestly highly realistic. Cyber criminals can run your password through software to see if they can get a match with popular sites such as PayPal, Amazon and other data-rich entities.
We say… Because of this we like our clients to actively encourage theirs to adopt a gold standard approach and make multi-factor authentication a mandatory part of using Docsafe. It’ll become law at some point so why not jump aboard now?
Having a second stage in the access process means that if someone does get your password by nefarious means they still can’t get to your content without the second part of the security procedure. It literally takes seconds to be safe and protect hackers from doing their worst.
As a Docsafe user, here are your options when talking about MFA with your clients:
1 Make it part of the sign up process – mandatory, closed discussion
2 Make it optional – but state a date by which it will become mandatory
3 Make it optional – and wait for MFA to become mandatory by law
In the interests of security and lack of discipline around personal passwords, we say make it mandatory with your client care at the heart of all your explanations.