9 minute read
TECHNOLOGY
Multi-Factor Authentication: a necessity in today’s world
From the perspective of data security, today’s world is an extremely dangerous one. It is hard to go a single day without hearing about yet another data breach, a phishing incident or some other form of security nightmare. Yet virtually all of us have a simple and highly effective security option available in the form of multi-factor authentication (MFA). In this article, we explore MFA and how and why you should implement it to improve the security of your data and reduce the likelihood that you will become yet another victim.
What is multi-factor authentication?
MFA is a security protocol that requires you to log in (authenticate) to a website or application by using more than just your username and password. With MFA in place, you
By Thomas G. Stephens, Jr., CPA, CITP, CGMA
authenticate to a website or other application by using at least two of three of the following: 1. Something you know, such as a username/password combination. 2. Personal characteristics, such as a fingerprint, retina scan or facial recognition. 3. An item that you have in your physical possession, such as a key fob or a smartphone. A common form of MFA in use today begins by entering a username/password combination to log in to a website. Upon doing so, the user receives a numeric code on their smartphone and then enters that code into the website to complete the process of authentication. The advantage to MFA in this scenario is that someone attempting to hack their way into the user’s website would not only need to know the username/password combination, but they would also need to have the user’s smartphone in their physical possession in order to receive the text message that completes the authentication process. While this is not an
impossible scenario, it is a far less likely one than the hacker knowing only the user’s username/password combination. As a result, the risk of the hacker accessing the user’s account is diminished significantly.
Which apps and services offer multi-factor authentication?
Maybe a better question is “Which ones don’t offer MFA?” because virtually all websites and applications that provide access to sensitive data today offer it in some form. For example, most banking and other financial websites support MFA as a means of making it more difficult for a hacker to gain unauthorized access to an account. Similarly, many accounting applications — both Cloud-based and desktop/ server-based — also offer MFA as a means of providing advanced security for the information stored in the database. Many mobile apps also offer MFA as a means of enhancing security. Even Windows 10 offers MFA as a security option through its “Windows Hello” feature. With this tool, users can log in using traditional username/ password combinations, PIN codes, fingerprint scans or facial recognition — or some combination of these factors. Further, Windows 10 allows users to pair their Bluetoothenabled smartphones to their computers so that if the smartphone is out of range of the PC, the PC automatically enters Device Lock status.
How do I activate multi-factor authentication?
The process for enabling MFA will depend upon the application or service in question. However, in general it will be necessary for a user with administrative rights or privileges to activate MFA for an application or service in use by a business. For example, an Office 365 administrative user can enable MFA for a single Office 365 user or for all users in an organization. On the other hand, an individual user can enable MFA on their banking website (assuming this feature is offered by their bank) by modifying their settings on the site. Notably, virtually all websites, applications and services through which sensitive information can be accessed offer some form of MFA today.
What should I do if multi-factor authentication is not available?
If a website, service or application that you use does not offer MFA, you should contact the publisher or provider to ensure that MFA is, indeed, not available. If it’s not available and you are committed to continuing to use that website, service or application, then you should ensure that you adhere to the principles of strong passwords, which include the following: • Passwords should be at least 12 alphanumeric characters in length. • Never write your passwords down or share them with anyone. • Change your passwords immediately if you suspect they may have been compromised. • Use a separate password for each website, service or application you access. From a practical perspective, most individuals simply cannot comply with the guidelines outlined above; to that end, password management tools such as Roboform, LastPass, KeePass, Dashlane and Zoho should be used to help manage passwords. Remember, if the websites, applications and services you use do not support MFA, the security of your sensitive data will be determined almost solely by the strength and security of your passwords. This is not a time to be lax with your passwords!
Summary
Data security is a top-of-mind concern for all business professionals today. Yet, all too often professionals do not take advantage of the tools that are available to them — such as multi-factor authentication — that can strengthen data security. To the extent that you have access to MFA, ensure that you activate this feature everywhere so that you will reduce the chances of becoming yet another victim of a data breach. Remember, cyber criminals are always looking for the path of least resistance; and enabling MFA will make that path more difficult, if not impossible, for them to travel in order to steal your data.
Thomas G. Stevens, Jr., CPA, CITP, CGMA, is a shareholder in K2 Enterprises (www.k2e.com), where he focuses on creating and delivering content and is responsible for many of the firm's management functions. Contact him at tommy@k2e.com.
Wayne W. Demuth, CPA (1940 – 2020) Wayne W. Demuth, CPA, age 79, passed away on Monday, Feb. 24. A graduate of Loyal High School, Demuth enlisted in the United States Army after graduation. Following his service, he earned a bachelor’s degree in accounting from UW–Madison. Demuth worked as a CPA for Smith, Demuth & Black in Lake Geneva. He volunteered at FHN Memorial Hospital in Freeport, Illinois, and voluntarily prepared taxes at the community’s Senior Resource Center. He was a member of Faith United Methodist Church in Freeport; the Harvard, Illinois, Moose Lodge; and the Lake Geneva Kiwanis Club. Demuth is survived by his three children, six grandchildren, and other relatives and friends.
Thomas R. Shannon, CPA (1960 – 2020) Thomas R. Shannon, CPA, passed away at the age of 60 on Wednesday, March 11, after a three-month battle with cancer. Born in Portage, Tom grew up in Pardeeville and graduated from Pardeeville High School in 1978. He attended UW–Eau Claire and earned his bachelor’s degree in business in 1982. After graduating, he attained his CPA designation and worked for Bauman Associates CPAs & Advisors. In 1987, he was hired by John Deere Financial and served as a compliance officer there for 33 years. Tom was an active member of St. Olaf ’s Parish in DeForest for 30 years, serving as a eucharistic minister and a member of the environment committee. He is survived by his wife, Susan; a son and daughter; and many other loving family members.
Donald C. Wrobbel, CPA (1934 – 2019) Donald (Don) Wrobbel, CPA, died Oct. 16, 2019, at the age of 85. Don was raised in Milwaukee and graduated from Messmer High School. After serving in the U.S. Army, he attended Concordia University and earned his degree in accounting. He was a partner with Ernst & Young (and its predecessors) in Milwaukee for nearly his entire career. Don was actively involved in recruitment and had the privilege of assisting many college graduates launch their professional careers. During retirement, he and his wife spent winters at their home in Naples, Florida. Don is survived by his wife, Dolly; three children; and eight grandchildren. His son Scott is also a WICPA member and U.S. central region managing partner at Deloitte in Milwaukee.
Lee Austin Troz (1995 – 2020) Lee Troz, assurance associate with BDO Madison, died unexpectedly on Sunday, Feb. 23, in Madison. He was 24. Troz earned both Bachelor of Business Administration and Master of Accountancy degrees from the University of Wisconsin–Madison and passed all four parts of the CPA Exam on the first try. He died before he could obtain CPA licensure. In addition to his accounting acumen, Troz was a talented artist and musician who lived life passionately and cared deeply about his friends and family. His death was a surprise to those close to him, and he will be deeply missed by those he left behind, including his parents, brother and sister-in-law, niece, grandfather, and numerous loving cousins, aunts, uncles and friends.
John William Knuteson, CPA, MBA, JD
(1949 – 2020) John Knuteson, CPA, MBA, JD, a Wind Point Municipal Judge and private practice attorney, died at home in Racine on Friday, April 3, of COVID-19. He was 70. Knuteson graduated from UW–Madison with a Bachelor of Business Administration degree in 1972 and from Marquette University Law School with a Juris Doctorate in 1975. In 1986, he earned his MBA. Knuteson served his community as a member and past president of the Racine Downtown Rotary and as a past Wind Point village president. He coached his childrens’ t-ball, soccer and basketball teams when they were young and was a lifelong avid fan of the Wisconsin Badgers, Milwaukee Bucks, Milwaukee Brewers, Green Bay Packers and Horlick Rebels. Knuteson is survived by his wife, Cathy; two daughters; one son; eight grandchildren and many other relatives and friends.
If you are aware of a member obituary and believe it should be included in Memorials, please send a copy of the obituary or contact Marcia Tillett-Zinzow at mtzinzow@icloud.com.
PROVEN REASONS TO RENEW MEMBERSHIP 7
The WICPA is the premier association for accounting and business professionals in Wisconsin. Whether you’re looking to grow professionally, bring in new business, increase your expertise and leadership or protect the business you’ve helped build, the WICPA serves as your go-to resource to help you succeed and stay connected to the profession.
NETWORKING:
Join over 7,000 of your peers at professional and social events.
01
02
DISCOUNTED CPD EVENTS:
Receive discounts on conferences, seminars, breakfast programs, webinars and on-demand programs.
Renew today at wicpa.org/renew
07
ONLINE RESOURCES:
Post questions and share expertise on WICPA Connect – an exclusive members-only community, find and post jobs with the Career Center, and be listed as a resource to the public with the Find a CPA
Directory.
06
CREDIBILITY:
Brand yourself as a WICPA member to demonstrate your ethical standards and commitment to the profession.
03
LEADERSHIP DEVELOPMENT:
Enhance technical and soft skills with volunteer opportunities that help advance the profession, build the CPA pipeline and give back to the community.
04
IMPORTANT NEWS: 05 Keep current on legislative and financial regulations, technical topics and industry trends with our award-winning publications and e-news.
EXCLUSIVE SAVINGS:
Save on numerous products and services through our select Affinity Partners and Member Benefit Providers.
