
What is Multi-Factor Authentication?


According to the US Cybersecurity and Infrastructure Security Agency (CISA), the most common type of cybercrime in the United States is the “imposter scam”, with 1 in 5 people reporting a financial loss after an incident. In an imposter scam, a malicious actor impersonates a trusted person or organization, or takes over the victim’s own identity, in order to defraud or extort the victim (or an organization they belong to) later. Because an email address is usually the master key to a person’s other online accounts (password resets for social media, gaming services and shopping accounts all land in the inbox), attackers very often go after a personal or work email account first.

For this reason, security specialists have for years recommended that businesses and individuals alike turn on multi-factor authentication for their email accounts (and anywhere else it is offered). Equally, they are advised to use email providers that enforce sender authentication (SPF, DKIM and DMARC, described below) on incoming mail, so that phishing messages sent from spoofed domains are filtered out before they reach the inbox. If you are not sure whether you or your business are using multi-factor authentication or email authentication, read on to find out more about both.

What is Multi-Factor Authentication?

Multi-factor authentication, usually shortened to MFA, is an authentication practice that requires a user to present two or more independent proofs of identity (“factors”) before being given access to a system. For an email account, this typically means entering the password and then one of the following: a code from an SMS, a code from an authenticator app, or an approval on a registered device. Note that a second password or an answer to a security question is still “something you know” and does not add a genuinely separate factor. MFA exists mainly to stop attackers from logging in to an account with stolen or guessed credentials: a password on its own is no longer enough to get in.

Other types of multi-factor authentication include:

  • Voice Messages: an automated call to your phone that reads out a one-time code. Like SMS, this relies on the phone network, so it can be defeated by SIM swapping or call forwarding; it is better than a password alone, but weaker than the options below.
  • Push Notifications (with or without number matching): a plain push notification asks you to tap “Approve” on your phone or tablet, which attackers abuse by bombarding users with prompts until one is accepted (“MFA fatigue”). Number matching closes that gap: the login screen shows a number, and the user must type that number into the notification, so an approval cannot be given for a login the user is not actually looking at.
  • One-Time Password (OTP): a short code, usually six to eight digits, that is valid for a single login and a limited time window. Delivered OTPs are sent to a secondary email address or to a phone; generated OTPs are produced locally by an authenticator app or a hardware token from a shared secret and the current time (TOTP) or a counter (HOTP), so nothing has to be transmitted to the user. Generated OTPs cannot be intercepted in transit, but both kinds can still be phished if the user types the code into a fake login page.
  • Public Key Infrastructure (PKI): certificate-based authentication, for example a smart card or a client certificate, in which the user proves possession of a private key and the server checks the matching certificate against a trusted certificate authority.
  • Fast Identity Online (FIDO): a FIDO/WebAuthn authenticator (a security key or the platform authenticator built into a phone or laptop) signs a challenge with a private key that never leaves the device, unlocked by touching a button, entering a PIN, or a biometric such as a fingerprint or face scan. Because the signature is bound to the website’s real origin, a phishing site cannot replay it, which is why FIDO is called “phishing-resistant” MFA.

Why Should You Use Multi-Factor Authentication for Your Emails?

Over the last decade, attackers have found ever more effective ways to obtain passwords, whether by phishing, by cracking leaked password databases or by reusing credentials from one breach against other sites, so a password alone, no matter how strong, is no longer enough. If multi-factor authentication is not available on a system, use a long, unique password (at least 12 characters, mixing special characters, numbers and upper- and lowercase letters), never reuse a password anywhere, and keep all of your passwords in a password manager or vault, which stores them encrypted on your local machine or online. Even if the vault file is stolen in a breach, the passwords inside remain unintelligible to the attacker, provided the master password that unlocks the vault is itself strong and not reused.

Additionally, multi-factor authentication limits the damage of a brute-force or credential-stuffing attack: even a correctly guessed or stolen password is not enough, because the second verification step takes place on a separate device that the attacker would also have to compromise. With stolen login credentials reported as the direct cause of roughly half of all data breaches, multi-factor authentication is one of the most effective defenses available, and it is increasingly required by compliance standards.

How to Implement Multi-Factor Authentication

In most modern software portals and email services, multi-factor authentication is either on by default or can be enabled with a single setting in the security preferences of the account.

A minimal deployment of MFA covers your system’s administrators and other privileged users. It should, however, be rolled out much more widely: to every member of your business (or family), on every device and service they use, on the premises or remotely. An effective MFA implementation combines at least two factors drawn from different categories, of which there are three:

  1. Something the user is: a biometric, such as a fingerprint or facial recognition, checked by a sensor on the user’s device.
  2. Something the user has: a device or object in the user’s possession, such as an authenticator app or hardware security key that generates or signs for a code, a FIDO security key, or (more weakly) the phone that receives an OTP by SMS or push notification.
  3. Something the user knows: passwords, passphrases and memorable answers to personal questions that only the user should know. The key requirement is that none of these be easily guessable or derivable from information already online (for example, on social media). To learn more about what makes a good, memorable passphrase, read our article on passphrases.

What is 2FA or Two-Factor Authentication?

Two-factor authentication, also referred to as 2FA, two-step verification or dual-factor authentication, is the most common form of multi-factor authentication: it requires exactly two factors of different types (typically a password plus a code or approval from a registered device) before a user can access the system.

What is Email Authentication?

Email authentication, sometimes called email validation, is a group of standards that aims to stop email sent from forged senders, known as spoofing. Reputable mail providers check incoming mail against three complementary standards: SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail) and DMARC (Domain-based Message Authentication, Reporting and Conformance). Together they let the receiving server check whether a message claiming to come from @domain.com was actually sent with that domain’s authorization.

More precisely: SPF is a DNS record in which a domain owner lists the mail servers (IP addresses) permitted to send email for that domain; a receiver looks up the record and checks the connecting server against it. DKIM adds a digital signature to each outgoing message using a private key held by the sending server, and publishes the matching public key in DNS so that receivers can verify the message was not altered and was signed by the domain it claims. DMARC ties the two together: it requires that the domain passing SPF or DKIM aligns with the domain shown in the “From” header the recipient actually sees, tells receivers what to do with mail that fails (monitor only, quarantine, or reject), and asks them to send the domain owner reports of what they received.

As a result, these standards allow receiving mail servers to filter out spam and phishing messages that impersonate a domain. They are optional, though: a domain that publishes no SPF or DMARC record can be spoofed freely, and a receiving server that does not check the records will deliver the forgery, which is why spoofing remains so common.

How to Implement Email Authentication

Most large email providers check SPF, DKIM and DMARC on incoming mail as a normal part of their service. Publishing the records for your own domain, so that other providers can verify mail you send, means adding DNS TXT records for all three: the SPF record on the domain itself, the DKIM public key on a selector name under `_domainkey`, and the DMARC policy on `_dmarc` (it is usual to start DMARC with a monitoring-only policy, `p=none`, review the reports, and only then move to quarantine or reject). Getting these right can be fiddly, particularly if several third-party services send mail on your behalf, so the task is best handled by someone with a high level of technical literacy or a dedicated IT professional.
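To show what a receiving server does with these records, here is an added example (not code from the original page or from Kaspersky) that evaluates SPF against a connecting IP address and then applies a DMARC policy with alignment checks. The DNS data is constructed inline and uses reserved documentation domains and IP ranges; DKIM signature verification is out of scope, so the DKIM result is passed in as the domain whose signature verified. The SPF evaluator handles only the `ip4`, `ip6`, `include` and `all` mechanisms, and the organizational-domain check is simplified to the last two labels (real receivers use the Public Suffix List).

```python
import ipaddress

# Constructed DNS TXT data standing in for live lookups. example.com/.net/.example and the
# 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24 ranges are reserved for documentation.
DNS_TXT = {
    "example.com": "v=spf1 ip4:203.0.113.0/24 include:mail.example.net -all",
    "news.example.com": "v=spf1 ip4:203.0.113.0/24 -all",
    "mail.example.net": "v=spf1 ip4:198.51.100.10 -all",
    "attacker.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "_dmarc.example.com": "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc@example.com",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, client_ip, depth=0):
    """RFC 7208 subset (ip4/ip6/include/all). Returns pass/fail/softfail/neutral/none/permerror.
    `depth` approximates the RFC's cap of 10 DNS-querying mechanisms."""
    record = DNS_TXT.get(domain.lower())
    if record is None or not record.startswith("v=spf1"):
        return "none"            # domain publishes no SPF policy at all
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier, mech = ("+", term)
        if term[0] in QUALIFIERS:
            qualifier, mech = term[0], term[1:]
        result = QUALIFIERS[qualifier]
        if mech == "all":
            return result
        name, _, arg = mech.partition(":")
        if name in ("ip4", "ip6"):
            if ip in ipaddress.ip_network(arg, strict=False):
                return result
        elif name == "include":
            if depth + 1 > 10:
                return "permerror"
            if check_spf(arg, client_ip, depth + 1) == "pass":
                return result
        else:
            return "permerror"   # a, mx, ptr, exists need live DNS; not modelled here
    return "neutral"


def parse_dmarc(from_domain):
    record = DNS_TXT.get(f"_dmarc.{from_domain.lower()}")
    if record is None or not record.startswith("v=DMARC1"):
        return None
    tags = dict(t.strip().split("=", 1) for t in record.split(";") if "=" in t)
    return {"p": tags.get("p", "none"), "adkim": tags.get("adkim", "r"), "aspf": tags.get("aspf", "r")}


def org_domain(domain):
    return ".".join(domain.lower().split(".")[-2:])   # simplification, see lead-in


def aligned(auth_domain, from_domain, mode):
    """Strict (s) alignment needs an exact match; relaxed (r) accepts the same organizational domain."""
    if auth_domain is None:
        return False
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def evaluate(client_ip, mail_from_domain, from_domain, dkim_pass_domain=None):
    """Return the SPF result, the DMARC result and what the receiver should do with the message."""
    spf = check_spf(mail_from_domain, client_ip)
    policy = parse_dmarc(from_domain)
    if policy is None:
        return {"spf": spf, "dmarc": "none", "disposition": "deliver"}   # no policy: nothing to enforce
    spf_ok = spf == "pass" and aligned(mail_from_domain, from_domain, policy["aspf"])
    dkim_ok = aligned(dkim_pass_domain, from_domain, policy["adkim"])
    if spf_ok or dkim_ok:
        return {"spf": spf, "dmarc": "pass", "disposition": "deliver"}
    disposition = {"reject": "reject", "quarantine": "quarantine"}.get(policy["p"], "deliver")
    return {"spf": spf, "dmarc": "fail", "disposition": disposition}


if __name__ == "__main__":
    print("legit server:   ", evaluate("203.0.113.5", "example.com", "example.com"))
    print("via include:    ", evaluate("198.51.100.10", "example.com", "example.com"))
    print("spoofed From:   ", evaluate("192.0.2.77", "attacker.example", "example.com"))
    print("forwarded, DKIM:", evaluate("192.0.2.77", "attacker.example", "example.com", "example.com"))
    print("no DMARC record:", evaluate("192.0.2.77", "attacker.example", "example.net"))
```

The third case is the classic phishing setup: the attacker’s own domain passes SPF perfectly well, but it does not align with the `example.com` shown in the From header, so DMARC fails and the `p=reject` policy throws the message away. The fourth case shows why DKIM matters alongside SPF: a legitimately forwarded message arrives from an IP that SPF does not list, yet the surviving DKIM signature from `example.com` still lets it through.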

For an extra layer of protection, for your business or your personal devices, we recommend using Kaspersky’s VPN software. A VPN carries your traffic through an encrypted tunnel between your device and the VPN server, so you can reach your company’s assets and servers remotely and keep your connections private on public Wi-Fi and other untrusted networks while you are on the move. If you would like to learn more about how VPNs work, read our dedicated article.

Even though multi-factor authentication is one of the best defenses for your personal or professional systems against account takeover, it is not 100% secure: SMS codes can be intercepted, push prompts can be approved by mistake, and codes typed into a convincing phishing page can be relayed by the attacker, which is why phishing-resistant methods such as FIDO security keys are preferred where they are available. For an all-inclusive, award-winning security suite (with remote assistance, removal of existing threats and 24/7 support) that offers strong protection against the ever-evolving world of cybercrime, try Kaspersky Premium today.
