Blog

Get the inside scoop with LoginTC and learn about relevant security news and insights.

The MFA Requirements You Need to Know About

December 12, 2022Alex Stevens

mfa requirements to know

Multi-factor Authentication (MFA) is becoming more common by the day. The United States government recently announced that it would require MFA sign-in methods for all federal agency staff. Companies are now requiring that users sign in via MFA rather than just using a username and password, and many cyber insurance policies also require that you use MFA. 

The importance and prevalence of MFA is only growing as the world becomes even more digital; it’s vital you understand it when thinking about how best to secure your business network.

What is MFA?

MFA requires users to provide at least two distinct forms of authentication. MFA is a massive improvement over many other types of authentication and Microsoft estimates that about 99.9% of account attacks could be prevented by any company that adopts MFA.

What Are the Governmental MFA Requirements?

In May 2021, President Joe Biden signed an Executive Order forcing the government to “adopt security best practices [and] advance toward Zero Trust Architecture”. Within 180 days of the order being signed, the US government made 2FA a legal requirement for all government agencies. 

In January 2022, the White House issued the Federal Zero Trust Strategy to extend the Executive Order. The strategy outlines steps that US agencies must take to adopt a zero-trust approach, which will drive federal cybersecurity over the next two years. 

It advises agencies to migrate from security processes that “verify once at the perimeter to continual verification of each user, device, application, and transaction”. It also makes clear that “This strategy places significant emphasis on stronger enterprise identity and access controls, including multi-factor authentication (MFA)”.

The CISA Cybersecurity Advisor Committee report in June 2022 found that adopting more stringent MFA compliance requirements was one of the main ways in which the nation can improve its security and should be prioritized by all organizations. 

The report recommended that the government’s “more than a password” MFA campaign, aimed at raising awareness of MFA amongst the public, be rolled out faster. They said there should be a greater emphasis on the benefits of MFA and that more should be done to dispel the myth that enabling and using it is difficult. 

They also said that steps should be taken to ensure that all companies working with the federal government fully adopt MFA by 2025 and that the government should work closely with small and medium-sized businesses to help them move beyond passwords.

Is MFA Required for Cyber Insurance?

MFA is now a mandatory requirement for many cyber insurance policies out there. 

MFA attestation forms, which ask companies how they’ve secured their networks, are also becoming more common; if you don’t implement MFA, you risk non-renewal or a massive increase in the premium. This decision is understandable, given that cyber insurers have seen claims skyrocket as ransomware attacks continue to grow.  

Which Companies Are Using It?

With the spike in cybercrime over the past two years, MFA adoption has accelerated greatly. CyberEdge’s 2022 report found it’s now used by 57% of companies, with 32% planning to adopt it in the next year. These companies include big players in the tech industry like GitHub, Google, and Salesforce.

GitHub

The software development site, GitHub, has announced it will make 2FA mandatory for all users who want access to code repositories by the end of 2023. Users will have to provide a correct username/password combination and then provide further authentication via a text message or a mobile app. 

Given that it stores the codebases of many companies and government agencies around the world, some say the end of 2023 isn’t soon enough. However, GitHub making MFA compliance compulsory for all users, shows how important and effective they believe it is.

Google

No longer willing to wait for users to get on board, Google started automatically enrolling users into MFA services. By the end of last year, 150 million users and 2 million YouTube creators had second-factor authentication enabled on their accounts. 

Google now prompts MFA enablement for new users at the time of account creation, and soon it will turn off the ability to disable 2FA in many accounts. 

Salesforce

From the start of February 2022, Salesforce began requiring all customers to enable MFA to be able to access their products. They believe customers should implement the best security and industry-standard practices, and that MFA is at the top of this list. They also say that with the ever-ongoing cyber security arms race, having the most up-to-date forms of security in place reduces the threat to both them and their customers.

How Can You Start Using MFA?

The requirements for businesses to use MFA are increasing and are only going to grow over the next few years. With its ability to prevent theft and hacking, as well as the requirements to have it from the US government on the horizon, it’s never been more important to implement MFA in your organization. 

LoginTC offers a comprehensive MFA solution to help you meet regulatory compliance requirements whilst improving productivity and the user experience. LoginTC will help you do all this and get you up and running quicker than anyone else, all at a reasonable price.

Start your free trial today. No credit card required.

Sign up and Go