Expert Opinion: Multi Factor Authentication in businesses is no longer optional

Amshire IT’s Dave Taylor explains how passwords alone are no longer enough to protect business systems, and how multi factor authentication can help protect data from cyber attacks.

For many years, passwords were considered enough to protect business systems.

That is no longer the case.

Cyber criminals have developed more advanced ways to steal login credentials, and organisations that rely on passwords alone are now exposed to far greater risk than many realise.

A recent cyber security investigation revealed just how vulnerable businesses can be without stronger login protection.

What the Investigation Revealed

Security researchers recently uncovered a large scale data theft campaign affecting dozens of organisations across multiple industries and countries.

Despite the differences between these organisations, investigators discovered a striking similarity.

Many allowed employees to access important cloud systems using only a username and password.

There was no second step to confirm the user’s identity.

This single weakness made it far easier for attackers to access sensitive information.

How Attackers Steal Login Details

The attackers used a form of malicious software known as information stealing malware.

Once installed on a device, this malware quietly searches for stored passwords and login credentials. It then sends that information back to cyber criminals.

The worrying part is that the infected device does not have to belong to the business.

A personal laptop or home device used to access work systems can expose company accounts just as easily.

Without additional verification, stolen passwords can be all an attacker needs.

The Surprising Problem With Old Passwords

One of the most concerning discoveries in the investigation was the age of some of the passwords used in the attacks.

In several cases, the credentials were years old.

This highlights two common security problems:

• Passwords are not always changed regularly
• Old credentials often remain valid long after they should be removed

Cyber security experts call this a latency risk. Stolen credentials can sit unused for months or even years before being exploited.

Many businesses assume that older passwords are no longer a threat. Unfortunately, that is rarely the case.

Why Multi Factor Authentication in Businesses Matters

Multi factor authentication adds a second step to the login process.

After entering a password, users must verify their identity through another method such as:

• A code sent to their phone
• An approval through an authentication app
• A biometric check such as a fingerprint

This extra step dramatically reduces the chances of unauthorised access.

Even if a password is stolen, attackers cannot log in without the additional verification.

In the investigation mentioned earlier, multi factor authentication in businesses was not enforced. As a result, attackers could log in successfully using the stolen credentials.

With MFA in place, those same login attempts would likely have failed.

Passwords Alone Are No Longer Enough

Some organisations hesitate to introduce MFA because it adds a small step to the login process.

However, the inconvenience is minimal compared to the potential impact of a data breach.

A single compromised account can allow attackers to access sensitive files, copy confidential information, or quietly monitor business activity.

One extra layer of verification can stop that from happening.

A Simple Step That Can Prevent Major Damage

Multi factor authentication in businesses is quickly becoming a standard security requirement rather than an optional feature.

It is one of the simplest ways to reduce the risk of unauthorised access.

If your organisation still relies on passwords alone, now is the time to review your security approach.