MFA Matters

Is it really-really you? Are you attempting to make a transaction, transfer funds, access your social media account, do basically anything online these days?

During your day, at work and at home, you undoubtedly are forced through a Multi-factor Authentication (MFA) process.

In the past, all we needed to verify our identity was a username and password. We had passwords for everything; dozens of usernames and password combos to supposedly memorize. Most people opted for the same (or very close) usernames and likely a single simple password. You loved it; so did hackers.

With usernames easier to figure out, it doesn’t take long for someone to guess your password; imagine your entire bank account wiped out because you always use your favorite dog’s name and birthday as your (only) password. Oops.

“MFA or Two-Step Verification may seem like an annoying step, but it’s providing a service not only to you but to the company you’re working with,” Jeremy Ferguson, Capture Manager for Strategic Growth at PAR Government, explained. “This step makes your account more secure and protects your personal information while providing the company the first line of defense when it comes to keeping information safe.”

Jeremy, who assists the PAR Government team in expanding its client base, has his Master of Jurisprudence in Cybersecurity Law and Management from Texas A&M School of Law and a bachelor’s degree in Information Systems Security. Additionally, he has 22 years of experience with network administration and security for DoD and U.S. Navy’s most secure tactical networks.

“PAR Government employees are familiar with MFA and, as a provider of services to DoD sites, we support MFA at various locations,” he said. Whether it is an authenticator application, a passcode from a text message or a phone call verification, MFA technologies all operate similarly. When you sign into your account on a new device, application, or a new web browser, you will need to provide your username, password, and then satisfy the MFA requirement.

MFA uses a combination of two or more factors to authorize authentication:

• Who you are (biometrics, facial recognition, fingerprint)
• What you have (a randomizing PIN generator, smartphone application, or passcode)
• What you know (a personal PIN, password or secret answer)

“MFA prevents the chance of someone else using your authentication methods to log in as you,” Jeremy continued. “Hackers and thieves today have very sophisticated and undetectable means of stealing authentication information from a shared device or unprotected networks. Utilizing MFA information unique to that specific login session keeps unauthorized users from hijacking your authentication information.”

To further secure access, Jeremy offered the following tips to protect account authorization information.

DO NOT use the same username and password across all websites

ALWAYS use letters – both lower and uppercase, as well as numbers and special characters

DO NOT share your passwords with others (yes, even your Netflix password)

DO NOT write your passwords down – instead, consider a password manager

ALWAYS use MFA

DO NOT answer random questions on social media (favorite song, color, number) or participate in surveys that ask password related questions (your first-grade teacher’s name or your mother’s maiden name)

DO NOT use your first name or last name for your username unless otherwise directed

NEVER stay logged in on a shared device, close ALL browsing sessions when done

USE Incognito Mode or Private Window on shared devices

LOCK a device after a period of inactivity

PAR Government, through its subsidiary Rome Research Corporation, provides information technology services to several DoD clients. This includes helpdesk support, system administration, network administration, information assurance/systems security, database administration, telephone systems management, testing and testbed management, information technology infrastructure library (ITIL)-based service management, and engineering and installation services. For more information visit RRC Mission Operations.