
October 14. Access Control: (Multi-factor authentication)
Multi-factor authentication (MFA) is considered the most impactful single step you can take to strengthen your access control to digital accounts, systems and data. While a strong password is your first line of defence, MFA adds a critical second (or more) layer of verification, making it much harder for cyber criminals to gain unauthorised entry, even if they've stolen your password.
So, what exactly is MFA? It's an authentication method that requires a user to provide two or more different "factors" to prove their identity before being granted access to an account or system. These factors typically come from three distinct categories:
- Something You KNOW: This is your password, PIN, or a security question answer.
- Something You HAVE: This refers to a physical item in your possession, like your smartphone (to receive a code or push notification), a hardware security key (like a YubiKey), or a smart card.
- Something You ARE: This involves a unique biological characteristic, such as a fingerprint scan, facial recognition, or a voice print (biometrics).
By combining at least two of these different types of factors, MFA creates a significantly stronger barrier against unauthorised access. For example, if an attacker compromises your password (something you know), they would still need to possess your phone (something you have) or somehow bypass your biometric scan (something you are) to log in. This layered approach is incredibly effective at thwarting common attacks like phishing, credential stuffing, and brute-force attempts, making it a non-negotiable for securing any valuable online account. Enabling MFA is often free and straightforward to set up, and it provides an immense boost to your overall cybersecurity posture.
MFA Explained Simply:
It's generally accepted that MFA is likely to prevent upwards of 89% of cyber breaches.
How MFA enhances Access Control:
- Elevated Security for All Accounts: By requiring a second factor, MFA protects not just your most sensitive accounts (like banking), but also your email, social media, cloud storage, and work systems, all of which are common targets for attackers.
- Mitigating Password Compromise: If your password is leaked in a data breach or guessed, MFA acts as a vital barrier, preventing the attacker from logging in. This is why it's a non-negotiable for anyone serious about digital security.
- Securing Remote Access: For organisations, MFA is paramount for securing VPNs and cloud application access for remote workers, ensuring that even if an employee's home network is compromised, their corporate login remains secure.
- Protecting Privileged Accounts: Accounts with elevated access (administrators, IT staff) are prime targets. MFA on these accounts is essential, often with stronger methods like hardware security keys, to prevent attackers from gaining widespread control.
Enabling MFA wherever it's offered – for personal accounts and across all organisational systems – is a proactive step that moves your access control strategy from basic to robust. It's often free, straightforward to set up, and provides an immense boost to your overall cybersecurity posture.
Schools and colleges should look to the DfE Digital Standards as setting up MFA is a requirement in the DfE Cyber Security Standards. Cyber Security is now one of the statutory standards which organisations should look to comply with by 2030.
💡Today's Cyber Tip: Check where you could configure MFA!
Today, take 5 minutes to enable Multi-Factor Authentication (MFA) on your primary cloud storage service (e.g., Google Drive, Dropbox, OneDrive, iCloud). This protects your synced documents and photos, which are often highly personal and critical.
We have several articles covering password security and access control:
- Passwords – simplifying the approach
- A guide to multi-factor authentication
We also have a Password Best Practice Area.
Drip Feed posters:
- Create a strong password - DOs and what to avoid (PDF, 121 KB)
- Keep it strong - keep it long (PDF, 132 KB)
- HH Leave it Lock it (PDF, 143 KB)
DPE Knowledge Bank Guidance and Support:
For schools and colleges, six of the DfE Digital Standards are now mandatory. We have a DfE Digital Standards Tracker tool to help you track your cyber resilience and your progress.

Review our Cyber Security Best Practice Area for micro learning, support, guidance and policies.
Why not have a look at our 'specialist' trainer, Harry the Hacker?
