The Importance of Multi-Factor Authentication (MFA) for Cloud/SaaS Applications:
CyberHoot recommends clients enable MFA for administrator logins to CyberHoot. This prevents hackers from breaching your application. Hackers steal passwords through phishing campaigns and by reusing passwords captured from other online sources such as breached websites. The HaveIBeenPwned.com website contains 12 billion email addresses and related personal information in its database, all of it sourced from online breaches.
Microsoft states that in one month’s time 1.2 million accounts can be breached in its O365 environment, but that 99.9% of the breached accounts will not have MFA enabled. Enable MFA on all your SaaS applications, including CyberHoot (required). Next, we’ll outline the MFA methods CyberHoot supports.
CyberHoot Multi-Factor Authentication Methods:
CyberHoot supports three methods of accomplishing MFA.
#1 Authenticator Applications: The video below shows you, in 1 minute, how to set up authenticator application access into CyberHoot. Any authenticator app can be used, including Google Authenticator and Microsoft Authenticator. There are others, and they work the same way. This is the recommended and most secure form of MFA supported by CyberHoot. If this doesn’t work, we can always use Email.
#2 Email: If you do nothing upon registering as an Administrator, your MFA code will be emailed to you each time you successfully provide your email address and password. While this is generally considered a safe option, it is not as safe as Authenticator Applications. It is more secure than SMS-based MFA. If Email and Authenticator Apps won’t work for you, there’s always SMS.
#3 SMS: NIST has deprecated the support of MFA solutions using SMS because it is less secure than other options. CyberHoot can send you an SMS authentication code if you enroll your mobile device into CyberHoot. While this may seem convenient, SMS-based MFA should be avoided when possible, as mobile phone numbers can be stolen, ported, or sniffed as outlined in this TechRepublic article.
Now that you know which methods of MFA we support, let’s learn how to set this up.
How do I enable MFA on my Administrator Account in CyberHoot?
Step #1: Log in for the first time. You will be emailed an MFA code to input. This is enabled by default for all new administrators.
Step #2: Once authenticated the first time, click on your name in the top right corner.
Step #3: Under your account settings, select the form of MFA you wish to use (SMS, Email, or Authenticator App) and follow the enrollment process.
You’re done. The next time you log in, this preference will be followed.
This 1 min. video shows you exactly how to set up Administrator-level MFA access into CyberHoot.
Kaseya Article on Multi-factor authentication
Best Authenticator Apps of 2023 from PC Magazine
Five Reasons why SMS MFA is Insecure
CyberHoot Cybrary Term: Two-Factor Authentication (2FA, aka MFA)