Photo: iStock
By David Stidham, Operations Manager at Cenetric, with contributions from Alicia Villegas and John McRee
One of the most common issues for our help desk right now is the use of multi-factor authentication (MFA) apps. Microsoft has begun encouraging, and in some cases requiring, these apps to sign in to its products.
But this change has caused a bit of confusion among users who contact our help desk. Previously, an SMS text was a good way to confirm your identity, and installing a new app instead of getting a text is vexing some users. Even though it’s unfamiliar to some, an authenticator app is quickly becoming a safer, preferred way to gain access to data.
Why SMS texts aren’t the safest authentication method anymore
First, let’s talk about the difference between two-factor authentication (2FA) and MFA.
2FA involves verifying someone’s identity with (you guessed it) two factors. Typically, that’s your username and password plus a code that’s sent to a device you own.
If you’ve ever been sent a code to confirm your identity with your bank, you’re familiar with this concept. Your bank sends a six-digit code to your phone, and you have to type it into the app or website to gain access. It’s their way of confirming that you’re really you and not some hacker trying to impersonate you.
The trouble is, cybercriminals are finding ways to get around that, either by SIM-swapping or by intercepting your code over public Wi-Fi. Long story short: Texting codes to confirm your identity is becoming less safe — and an increasingly poor way to protect your business.
MFA, on the other hand, uses more than two factors to determine if you’re authorized to log in, like:
- Something you know (a password)
- Something you have (a security token or your phone)
- Something you are (biometric data, like face or fingerprint recognition)
Thanks to these factors, MFA is a broader, more layered approach than 2FA, better protecting your company’s systems.
Microsoft and Google make the most widely used authenticator apps, and they’re largely interchangeable. Our help desk team has noticed that one of the biggest problems is users who confuse the two. While they have similar capabilities, they operate slightly differently, so our team always confirms which app someone is using to access systems.
Why you should use MFA apps to secure your systems and data
MFA can make all the difference when it comes to protecting your business. The biggest healthcare data breach in U.S. history happened thanks to compromised credentials and access to a remote server without MFA.
In an era when password management is generally terrible and when phishing is easier and more common than ever, enabling MFA on your most crucial systems is a must.
But many growing businesses aren’t making MFA a priority. According to the 2024 Global Multifactor Authentication (MFA) Survey from the Cyber Readiness Institute, only 17% of SMBs have policies that require MFA to sign into most network devices, hardware and software.
When you use MFA on these systems, your business is far more protected. In an MFA study by Microsoft, virtually all (more than 99.99%) MFA-enabled accounts remained secure during the investigation period. Researchers also found that MFA reduced the risk of compromise by 99.22% in general and by 98.56% in cases of leaked credentials.
When you consider unmanaged devices like employees’ own phones, tablets or laptops, MFA becomes even more important. Without a strong Bring-Your-Own-Device (BYOD) policy that requires MFA, you could be exposing your company to a cyberattack or data breach.
Helping your team make the transition to MFA apps
New processes are always tough, especially when they seem like they’re inconvenient or getting in the way of efficiency. But, in this case, the need for protection outweighs a few seconds of lost productivity. Start by addressing these issues:
- Set a policy for which systems need MFA app access. Examples include gaining remote access to servers, accessing protected data or changing passwords.
- Train your team. While your employees might view adding MFA to systems they work with every day as a pain, through training you can make the process less confusing and cut down on repeated access attempts.
- Give them someone to contact if things aren’t going right. Too often, growing businesses are “getting by” with one overwhelmed IT person or even a non-IT employee who’s been branded as the resident tech whiz. Neither of these people probably has the time to stop and talk a colleague through using an authenticator app. Instead, bring on help desk, co-managed or managed services to give your team the top-tier IT support they need to get their work done without a lot of hassle.
Let Cenetric guide your team to better security
You don’t have to try to set up strong MFA procedures and policies on your own. Through Cenetric’s co-managed or managed services, we can get your team on the right cybersecurity track.
And when it comes to handling daily user issues, our help desk team is always ready and waiting — our clients get a live person on the phone immediately more than 99% of the time and a response within 20 minutes if they don’t.
Cenetric has the experience to get — and keep — you covered when it comes to cybersecurity. Let’s talk about your needs today.