Why Should You Use Two Factor (2FA) and Multi Factor (MFA) Authentication?

Two factor authentication, or multi factor authentication, is a hot topic within IT and cyber security at the moment, yet the uptake from many businesses has been slow, leaving them vulnerable to some of the most common cyber attacks. But what is it and why should you be using it?

Book A Free Cyber Security Review

— Worth £1,495 —

We’ll analyse the security of your existing IT network, your email domain, your website and, if applicable, your Microsoft 365 software to see how safe you currently are. Want to know more?

Request Your Review Main

What is Two Factor Authentication (and Multiple Factor Authentication)?

If you’ve never come across this term before then one of the easiest ways to think about it is by comparing it to how we use a credit or debit card. In this scenario we need two forms of authentication – the card and a pin number. Without one or the other, it can’t be used (we’re ignoring contactless for the purposes of this analogy!).

If you apply the same login to accessing someone’s email account then in theory we need two things again – the username, or email address, and a password. However, because email addresses are often in the public domain, or are easy to guess, it only leaves one form of authentication; the password.

If this password can be easily guessed or extracted from the user, then an account can be accessed.

Two factor, or multi factor, authentication provides a much more secure additional level of protection which requires a user to ‘approve’ a login, normally through a notification on their mobile phone. When you consider that mobile phones will have a level of protection on them too (such as a passcode or fingerprint), then we actually create multiple levels of protection on our accounts.


Why Should You Use Two Factor, or Multi Factor Authentication?

Unfortunately, as we say all too often, attempts to hack businesses are far too common and one of the most popular ways of doing that amongst cyber criminals is to ‘trick’ a user into giving away their password.

You’ve probably received an email that appears to come from someone in your address book asking you to access a file they’ve sent you. If you were curious enough to click on that email you’d be taken to a login page, normally looking like your Microsoft 365 login screen, and prompted to enter your username and password.

By doing this, you won’t access the file (there probably wasn’t one) but you will unknowingly be giving away your password, which in turn is likely to be used to send out similar emails to your address book. In the worst case scenarios your email could be monitored and opportune emails be sent from your address to unwitting customers or colleagues asking them to transfer money or download malicious files.

It’s a very simple hack, but very effective.

  1. Traditional cyber security solutions are always going to struggle to protect against a threat like this for a number of reasons:
  2. The email is being sent from a real email address, which you’ve probably had email from before, so a spam filter won’t block it
  3. The email itself contains no downloads or malicious files, so there’s nothing being activated for your anti-virus software to prevent

Even if you did send an email back to the sender to inform them of the potential problem, the hacker will have set up an email rule to automatically delete your reply, so your contact will be none-the-wiser and the hack will continue until they are told another way

By far the most effective way to stop this type of attack is through two factor authentication. That way, if a password is leaked then the account cannot be accessed without the additional approval needed.

Just like the simplicity of the attack, the solution is simple too.


Isn’t it a Huge Pain for Staff?!

This is probably the biggest objection we hear when it comes to implementing a multi factor solution.

There’s no way around it, as it does mean that every user has to take an extra step to login, but in reality it’s quick and easy (you can see how quickly on the video on this page). If users don’t want to install an application on their phone there are alternative option for this too.

In a nutshell, it’s a small inconvenience for a huge level of protection against a very common threat.


What Solutions are Available?

The most basic and essential level of protection for most businesses comes from Microsoft within the Microsoft 365 suite. This solution will protect your Microsoft account, and most importantly your emails, with a two factor authentication solution. If you have already got a Microsoft 365 subscription it is likely to be included in your package already, so it’ll only cost you in terms of the time to set it up and configure it.

To protect other things, including devices and non-Microsoft applications, there are a range of solutions available which we can provide, protecting any potential hacks against physical devices and any data within your applications themselves.

If you’d like to find out how we can help or which solution would be best for you, just request our free cyber security review on this page.

The HBP GroupWho Are We?

Our organisation consists of three businesses; HBP Systems Ltd. Kamarin Computers Ltd and Jugo Systems. HBP are based in Lincolnshire, Kamarin in Cambridgeshire and Jugo in Hampshire. Between us we cover the vast majority of the UK and work under The HBP Group name to provide a seamless service between our northern and southern offices.

About Us

We specialise in providing IT solutions and support to businesses to ensure they use technology effectively and efficiently and can focus on what they do best – running their business.

The HBP Group Structure showing HBP Systems, Kamarin Computers and Jugo Systems

Our Most Popular Cyber Security Solutions

We offer a wide range of cyber security related products and services that help businesses protect themselves from cyber crime, but if you’re looking for something specific then the following options are the most popular and widely used options…

Cloud IT Support

Anti-Virus & Anti-Malware

Protect your businesses PCs, Laptops & Servers.

  • Award-winning anti-virus software
  • Intelligent anti-malware with built-in anti-ransomware
  • Monitoring and report on network activity
Local IT Support

UTM & Firewall

Protect your business from external threats with a UTM device.

  • Block external threats and viruses from your network
  • Manage web access and block malicious websites
  • Monitoring and report on network activity
Managed IT Support

Multi-Factor Authentication

The ultimate protection for lost and hacked passwords.

  • Protect email and Microsoft 365 logins
  • Protect virtually any software with 2-factor
  • Easy to use with a simple mobile application
24 7 IT Support


Worried about staff clicking on malicious emails?

  • Train staff with regular cyber security tests
  • Send ‘fake malicious’ emails to test staff
  • Report on training and clicks on test emails
Contact 0800 0433 106 info@thehbpgroup.co.uk