WPI now utilizes multi-factor authentication (MFA) to further secure administrative users whose jobs require them to access and work with sensitive data via WPI’s virtual private network (VPN). This additional layer of defense has been proven to be effective in reducing credential theft by verifying all user identities prior to attaining access to WPI resources. (To configure multi-factor authentication, please see the Related Article.)
According to the Verizon 2018 Data Breach Investigations Report, 81 percent of incidents related to hacking leveraged stolen or weak passwords. VPNs are not immune to being exploited as well. Stolen credentials are often sold and/or shared on the DarkWeb by the hundreds if not thousands. This is why the addition of a second factor is now being leveraged to combat this scenario.
Benefits of MFA
1. Stopping Credential Theft
Beside the use of a username and password (something you know), MFA requires a second factor (something you have such as a cell phone or hardware token) as verification that you are actually the one making the authentication request. By denying the bad guys access to your second factor, WPI is able to protect your account from credential theft and protect WPI resources from malicious misuse.
Securing VPN access with MFA helps achieve regulatory compliance for standards such as PCI DSS or HIPAA. These standards require that WPI secures all remote access to card data environments and personal health information.
3. Identity Assurance
By requiring MFA, WPI is helping to assure the identities of our administrative users that are allowed access to our most sensitive data. This, in turn stops hackers and other malicious users before they have any type of foothold in WPI’s environment.