Introduction
WPI now utilizes multi-factor authentication (MFA) to further secure administrative users whose jobs require them to access and work with sensitive data via WPI’s virtual private network (VPN). This additional layer of defense has been proven to be effective in reducing credential theft by verifying all user identities prior to attaining access to WPI resources. (To configure multi-factor authentication, please see the Related Article.)
According to the Verizon 2018 Data Breach Investigations Report, 81 percent of incidents related to hacking leveraged stolen or weak passwords. VPNs are not immune to being exploited as well. Stolen credentials are often sold and/or shared on the DarkWeb by the hundreds if not thousands. This is why the addition of a second factor is now being leveraged to combat this scenario.
Benefits of MFA
1. Stopping Credential Theft
Beside the use of a username and password (something you know), MFA requires a second factor (something you have such as a cell
phone or hardware token) as verification that you are actually the one making
the authentication request. By denying the bad guys access to your second
factor, WPI is able to protect your account from credential theft and protect
WPI resources from malicious misuse.
2. Compliance
Securing VPN access with MFA helps achieve regulatory compliance
for standards such as PCI DSS or HIPAA. These standards require that WPI
secures all remote access to card data environments and personal health
information.
3. Identity Assurance
By requiring MFA, WPI is helping to assure the
identities of our administrative users that are allowed access to our most
sensitive data. This, in turn stops hackers and other malicious users before
they have any type of foothold in WPI’s environment.