Should I disable multi-factor authentication during the pandemic?

Should I disable multi-factor authentication during the pandemic?

Welcome to “Ask Deb from QA,” a new column from MxD.

Every week, Deb from QA — with decades of experience on the factory floor — will answer your questions to demystify and explain the digital manufacturing industry.

Please submit your questions to debfromqa@mxdusa.org


Deb: Our employees are working from home because of the pandemic, and we’re running into so many tech problems that we’re disabling multi-factor authentication. Is this a bad idea?

Yes. This is a terrible idea.

Thanks for reading, folks, see you next week!

OK, let me explain this a bit deeper. Multi-factor authentication verifies your identity by requiring more than one password before signing you into a network. For example, you may log in with a password and then have to enter another code that’s texted to your phone, just to doubly make sure it’s you and not some evil hacker. 

It’s the physical world-equivalent of having locks on your door and a security guard at your front desk. 

When you turn off MFA, you’re essentially inviting anyone and everyone to walk into your factory, roam around unescorted, and dig through your filing cabinets. Are you fine with that?

If you’re working from home, there’s also a decent chance you’re using a personal computer  —  not every organization can issue a corporate laptop. So now, you’ve exposed your company data to more risk, just as you’ve removed the extra protection of multi-factor authentication. Not good. 

Plus, your home WiFi probably isn’t as secure as your corporate network. Also not good. (Pro tip: Your home WiFi network should have a password — and it should not be “password.”) 

The thing to know about cybersecurity is you’re never 100% immune from hackers; it’s all about reducing risks. Think of MFA as using hand sanitizer or wearing a face mask. You’re increasing the odds that bad things won’t happen. 

There are some good resources out there about cybersecurity and how companies can implement safer work-from-home protocols: Check out this video and article from friend-of-MxD Brian Haugli, who once led the Pentagon’s program for cybersecurity. Brian knows what he’s talking about.

Bottom line: It’s never a good idea to get rid of multi-factor authentication, and certainly not now.

I’ve got a feeling that remote working will become more regular in our industry, even after this pandemic passes. Why not lay the groundwork now, so you can feel confident that your most sensitive data remains secure?

Assuring quality,
Deb

Watch Brian Haugli’s excellent recent webinar for MxD “Cybersecure While Working from Home,” where he gives guidance for manufacturers with a remote workforce during the pandemic. 


Deb from QA wants to hear your questions. Send ‘em to DebfromQA@mxdusa.org and she’ll answer as soon she’s done with her shift.