The sad fact is: Hackers and Cyber Criminals are setting all-time records in Ransomware and other types of breach attacks. How do you protect yourself? First, it’s important to have reputable, knowledgeable and experienced IT support – whether it’s in-house or an outsourced Managed IT Services provider.

Poll the top firms in the IT Support Los Angeles Community, and if they’re worth their salt, they’ll tell you that Firewalls and Anti-Virus (AV) are not enough. IT support people are well aware of this. Crooks are cagey, and they know that the way into a network that boasts the very best in next-generation Cybersecurity is through the end user. The employees and management are the focus of the first-defense: Multi-Factor Authentication (MFA).

While cyber threats continue to grow, many casual IT consulting services still think a password is enough. It is not. This is just one area that separates the best from the mediocre in the IT Services world.

What is multi-factor authentication and why is it important?

The simple answer is that Multi-Factor Authentication (MFA) is the set of login steps that prove you are authorized to access a network. Set up by either your in-house IT services or an outside Managed IT Services provider, it is the strongest Cybersecurity ‘first-defense’ against cyber criminals trying to find a way to breach your system. Every factor needs to be strong, but the overwhelming data shows that they are not. It goes beyond passwords.

What are the factors of multi-factor authentication?

There are three:

1) Something you know: Your password/identification number and answers to personal questions (the classic being ‘What is your mother’s maiden name?’).
2) Something you have: Scan cards, tokens of some sort and codes sent to your smartphone to verify your identity.
3) Something you are: Thumb or fingerprint, retinal scan etc.

Less thorough is Dual-Factor Authentication (2FA), where two levels are used: typically a password and an identifying question.

The First Factor: Something you know

Part 1: Passwords

Your password should only be the first factor in a multi-factor authentication process, but it simply cannot serve as the ‘be-all-end-all’ of your individual Cybersecurity defenses. All of the Firewalls, Anti-Virus, and email filters in the world cannot protect your network when hackers can figure out an inadequate password and gain entry to your network to victimize you.

In this day and age a strong password is a must, but it’s only a start. The two weakest links in the Cybersecurity chain are the end user and their passwords. More cyber criminals gain entry to networks by duping end users than by any other means, and there is nothing your IT services can do to prevent an employee from allowing criminals into the system. The #1 method of breaching a network is through Phishing emails which contain a malicious link or attachment that, once clicked on, lets the hacker or virus right into your system to wreak havoc.

But let’s say the user doesn’t fall for these Phishing expeditions. Now the hacker has to figure out the password, which is sadly not that difficult because passwords are typically predictable.

What are the 5 most commonly used passwords?

According to NordPass, the top 5 passwords of 2021 are inept:

It typically takes a hacker one second to break these, and “VOILA!”: The gypsies are in the palace. If you are using any of these (and the next 5 most commonly used passwords are no better), please take a look at our IT Support LA page ‘Creating Strong Passwords’ and up your game. Firewalls and Anti-Virus (AV) are as weak as your home’s front door if you leave your spare key in the first place where burglars look: under the welcome mat.

The First Factor part 2: Identifying Questions

Common identifying questions are tricky: cyber criminals ‘case’ a company through social media like a robber cases a bank. If your question is “What is your pet’s name?” and your Facebook page is plastered with photos of you and your cat ‘Muffin’, then that question offers zero defense against intrusion. You might as well leave your window open with a clear view to the painting on the wall pulled back to reveal your open wall safe. Choose something you haven’t talked about everywhere on social media – crooks are watching.

The Second Factor: Something you have

Although more often seen as a security feature for entering and moving around facilities, this is a physical cryptographic token: a card you swipe to gain access. The same factor is also provided behind the scenes by a digital certificate installed on the computer to allow the user access to the VPN. The user usually doesn’t even know it’s there.

The Third Factor: Something you are

Biometrics use thumbprints or fingerprints, retinal scans, voice, or facial recognition, etc. They scan part of you to determine that you are you.

Note that any good Managed IT Services provider should be able to install the hardware and software for factors 2 and 3. You do not typically need a separate vendor for this – any more than you would need one for closed-circuit camera surveillance – your IT support should be able to install these devices.


The simple ‘password and in’ logons are weak in the face of today’s cyber threats – especially if the passwords are weak. Criminals spend a lot of time searching for companies and identifying weak spots, and one crook doesn’t do all the work. There are people who are just researchers – looking through social media and sending out test phishing emails to see who opens them.

The criminal who attacks your system can buy blocks of information on the dark web with everything they need to breach your system or infect you with Ransomware. The overall community of cyber crooks has echelons and is extremely dedicated to turning your money or data into theirs.

Frequently Asked Questions

What is the difference between 2FA and MFA?

MFA uses multiple levels of authentication (such as all three types). 2FA requires only 2 – generally a password and an identifying question. MFA is much stronger login protection.

What is the purpose of a password manager?

For users juggling a lot of different passwords, a password manager stores them all securely. The only password you would need to remember is the one for the password manager itself.

This can also be used on smart phones.

What does a password generator do?

It is a tool that creates very strong, unpredictable passwords based on your input. As these passwords are not generally second nature for you to remember, a password manager can come in very handy.
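
To make that concrete, here is a small password generator in Python. It is an added example, not part of the original article or any IT Support LA tool; the function names, the symbol set and the 12-character minimum are assumptions chosen for illustration. The "input" is the length and the character classes you select, and the randomness comes from the operating system's cryptographic random source rather than anything predictable.

```python
import math
import secrets

# Character classes the caller can select (the generator's "input").
# The symbol set is an assumption; real sites differ in what they accept.
CLASSES = {
    "lower": "abcdefghijklmnopqrstuvwxyz",
    "upper": "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
    "digits": "0123456789",
    "symbols": "!@#$%^&*()-_=+[]{}",
}
ALL_CLASSES = tuple(CLASSES)
MIN_LENGTH = 12  # assumed floor for this example


def _validated(classes):
    """Drop duplicate class names and reject empty or unknown selections."""
    classes = tuple(dict.fromkeys(classes))
    unknown = [name for name in classes if name not in CLASSES]
    if not classes or unknown:
        raise ValueError(f"invalid character classes: {unknown or 'none selected'}")
    return classes


def generate_password(length=20, classes=ALL_CLASSES):
    """Return a random password with at least one character from each class."""
    classes = _validated(classes)
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    pools = [CLASSES[name] for name in classes]
    alphabet = "".join(pools)
    # One guaranteed character per selected class ...
    chars = [secrets.choice(pool) for pool in pools]
    # ... and the remainder drawn from the combined alphabet.
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    # Shuffle with the OS CSPRNG so guaranteed characters have no fixed position.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def entropy_bits(length, classes=ALL_CLASSES):
    """Upper-bound strength estimate: length * log2(alphabet size)."""
    size = sum(len(CLASSES[name]) for name in _validated(classes))
    return length * math.log2(size)


if __name__ == "__main__":
    print(generate_password())
    print(f"about {entropy_bits(20):.0f} bits (upper bound)")
```

A password like this is meant to be stored in a password manager, not memorized.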

Is Captcha considered MFA?

NO. Captcha is just a way for websites to keep out Bots. It has no place in MFA.

See how protected your network is:

IT Support LA offers a FREE, no-risk network and security assessment. No strings, no obligation. Just fill out the form on this page or call us at: 818-805-0909