Why Your Encryption is Only as Good as Your (Multi-Factor) Authentication

by Jeff Edwards Posted on July 09, 2019

Username and password may be the de facto means of authentication for many organizations, but they can easily be the weakest link in security controls. In this article, we’ll detail why Multi-Factor Authentication (MFA) should be paired with encryption for top-level security.

In 2019, encryption is everywhere. It’s a standard feature on your iPhone, your messaging program of choice, and your file transfer tools. Encryption has gotten so powerful that the federal government wants a backdoor into consumer apps and devices, and criminals have weaponized it to great financial success.

But while encryption is an essential part of any cybersecurity toolkit, and a best practice for securing any sensitive data, whether in transit or at rest, there is a weak link that can give just about any hacker access to your sensitive information: bad authentication methods, namely, the username and password.

Username and Password: The Dumb and Dumber of the Authentication factors

Today, your usernames and passwords are part of your identity, just like your address, phone number, and driver’s license. Unfortunately, they can be just as easy to procure as your phone number and address, especially if they’ve been used across multiple accounts.

It doesn’t take much searching to see that dozens of high-profile websites lose millions of password and username combinations every year, and it’s easy to check for yourself whether you’ve lost any.

The problems with passwords are many, and they’re well known. Even the most complicated password imaginable is little trouble for a computer to crack, and it’s absolutely useless if it’s leaked even once, because passwords can be sold and exchanged easily, and they frequently are. That makes them a huge liability for large organizations. Despite this, many organizations repeatedly reuse passwords for important business apps, and even for sensitive databases.

And research has shown that as many as 1 in 5 employees are willing to sell their passwords for less than $100.

In light of all this, it stands to reason that your encrypted data is only as secure as the means of authentication used to protect and control access to it, and if that means password and username, you have your weakest link. So, when the traditional, widely prevalent means of authentication are so flawed, what’s the next step?

Generally, the best move is to step up your authentication to Multi-factor Authentication (MFA).

What is Multi-Factor Authentication?

Multi-factor Authentication, often written as MFA, is a method of authentication and access control that adds an additional factor, aside from username and password, to the authentication process. Typically, this is achieved by pairing something the user knows, such as his or her username and password combination, with something the user has, such as a phone that receives a push notification, or a one-time password token, like those made by Gemalto. Other additional factors can include email or phone calls, or even biometric factors, such as a fingerprint or facial scan.

Sounds familiar, right? That’s because most people have already had some experience with this, whether from using our fingerprint to unlock our phones, or receiving a text from our bank to verify our identity before transferring funds online.

MFA and Encryption: A Winning Combination

In the past ten years, MFA has become a common technology. So much so that it’s a common requirement to meet compliance standards.

Now I know what you’re thinking— “if MFA is really so good, why should I protect my data with encryption in the first place? Isn’t it enough to keep hackers from accessing it?” Not exactly. To use a weak analogy, using multi-factor authentication without encrypting the data stored behind it is a bit like locking your car but leaving your valuables out in the open… if a criminal is able to find a way in, they can take anything they want. Conversely, encrypting your data, but using a simple username/password combination to control access, is a bit like leaving your car unlocked, but locking your valuables in the glove box. If your car is ransacked, you can bet that the criminal will try their best to get access to that glove box—and may succeed.

The real best practice is to leverage both technologies by using tools that encrypt your sensitive files in transfer and at rest, and integrate with MFA tools to manage access to those sensitive files.
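To make the pairing concrete, here is an added example (not from the original article and not MOVEit's code) of a key-release check in which a file-encryption key is handed out only when both a password and an RFC 6238 one-time code verify. The `KeyVault` class and `release_key` method are hypothetical names, the sample secret is constructed, and the data key is treated as opaque bytes.

```python
import hashlib
import hmac
import secrets
import struct
import time

STEP = 30  # seconds per TOTP time step (RFC 6238 default)

def totp(secret, at, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `at`."""
    counter = struct.pack(">Q", int(at) // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def _pw_hash(password, salt):
    # Slow, salted hash so a stolen verifier is expensive to brute-force.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class KeyVault:
    """Hypothetical key-release service guarding a file-encryption key."""

    def __init__(self, password, totp_secret, data_key):
        self._salt = secrets.token_bytes(16)
        self._hash = _pw_hash(password, self._salt)
        self._totp_secret = totp_secret
        self._data_key = data_key
        self._last_step = -1  # highest time step already consumed

    def release_key(self, password, otp, now=None):
        """Return the data key only if BOTH factors verify, else None."""
        now = time.time() if now is None else now
        pw_ok = hmac.compare_digest(_pw_hash(password, self._salt), self._hash)
        current = int(now) // STEP
        matched = None
        for step in (current, current - 1):  # tolerate one step of clock drift
            if step <= self._last_step:
                continue  # this code was already used: refuse replay
            expected = totp(self._totp_secret, step * STEP)
            if hmac.compare_digest(expected.encode(), otp.encode()):
                matched = step
                break
        if not (pw_ok and matched is not None):
            return None  # a leaked password alone releases nothing
        self._last_step = matched  # mark the code as consumed
        return self._data_key
```

A password bought or leaked elsewhere fails at `release_key` without the current code, and a code observed in transit cannot be replayed once it has been consumed.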

Progress’s MOVEit Transfer does just that, with award-winning MFA capabilities that let you securely control user access, as well as user-class-based password expiration policies and single sign-on. MOVEit Transfer also supports Secure Folder Sharing, making it simple for internal and external users to securely and easily collaborate while maintaining a complete audit trail.

MOVEit’s authentication capabilities delighted or highly satisfied 97% of users, according to a recent product scorecard from Info Tech Research Group. To learn more or request a free trial, click here.

Jeff Edwards
Jeff Edwards is a tech writer and analyst with three years of experience covering Information Security and IT. Jeff has written on all things cybersecurity, from APTs to zero-days, and previously worked as a reporter covering Boston City Hall.