Beyond Passwords

A Small Business Guide to Multi-Factor Authentication

Cybersecurity isn’t a concept confined to the big players. Every small business with a digital footprint grapples with data security concerns. In a world where passwords aren’t enough to guard our business data, the need for stronger security measures, like multi-factor authentication (MFA), comes to the fore.

This post peels back the layers on password security, provides an easy-to-understand guide to MFA, weighs its pros and cons, and offers tips on how to effectively apply MFA to your small business.

Risks in Relying on Passwords Alone

Passwords have been the go-to authentication method for ages, but they’re not foolproof. Let’s look at some reasons why:

  • Password recycling: Too many of us use the same password for different accounts. If hackers crack one, they can access all.
  • Predictable passwords: The use of simple passwords like “123456” is alarmingly common.
  • Phishing scams: Cybercriminals can trick people into giving away passwords through emails masquerading as authentic communications.

These pitfalls underline the need for an additional security layer, and MFA fits the bill perfectly.

MFA Simplified

MFA demands two or more forms of proof to grant account access. Here’s a breakdown of the three primary authentication factors:

  1. Something you know: Passwords, PINs, security answers.
  2. Something you have: Devices like smartphones or USB tokens.
  3. Something you are: Biometric markers like fingerprints or facial features.

The blending of two or more of these forms creates MFA methods, some of which include:

  • SMS-based: A one-time code sent to the user’s mobile.
  • Time-based One-Time Password (TOTP): A dynamic code that changes every 30 seconds.
  • Smart card: A physical card containing the user’s credentials.
  • Biometric: Authentication through physical characteristics like fingerprints.

Weighing the Pros and Cons of MFA Methods

Each MFA method has its strengths and weaknesses. Here are a few:

  • SMS-based authentication: While user-friendly and widely accessible, it’s susceptible to SIM swap scams and SMS interception.
  • Time-based One-Time Password (TOTP): This method is secure and doesn’t need an internet connection, but it does need a separate code-generating app or device.
  • Smart card authentication: Secure and independent of an internet connection, but it requires a physical card which can be lost or stolen.
  • Biometric authentication: Highly secure and convenient, but may require specialized and potentially expensive hardware.

Implementing MFA in Your Small Business

While MFA might seem like a big leap, the security benefits make it worth it. Here’s how to go about it:

  1. Pick the right MFA: Consider your business needs when selecting an MFA method.
  2. User training: Make sure your team knows how and why to use MFA.
  3. Test MFA: Run a pilot to ensure everything works smoothly.
  4. Gradual rollout: Implement MFA in stages to avoid disruption.
  5. Monitor: Keep track of your MFA system to spot and resolve issues.

Wrapping Up

An unattributed quote says, “Passwords are like underwear: you don’t let people see it, you should change it very often, and you shouldn’t share it with strangers.” As true as it may be, passwords alone can’t guard your business data.

MFA, on the other hand, by merging two or more authentication factors, can bolster your cybersecurity significantly. While each MFA method has its own strengths and weaknesses, a well-chosen and well-implemented method can safeguard your small business effectively.


Interactive video

Watch the interactive video, try the activities, to strengthen your understanding of multi-factor authentication.

Equip yourself with the knowledge to protect yourself against cyber threats. Enrol in my: Information Security Awareness: An Introduction for UK SMEs