With South Africa’s Information Regulator on record as saying the country suffered at least 150 data breaches a month in 2024, South Africans must make Multi-factor Authentication (MFA) the non-negotiable centrepiece of their personal cybersecurity new year’s resolutions.
Data breaches were up threefold in 2024 compared to 2023, notes Roger Britz, Customer Experience Catalyst at PerfectWorx Consulting.
“Keeping personal data and online accounts safe pivots on MFA. Experts agree that implementing an additional layer of security to validate user identities can block 99.9% of automated cyberattacks which are increasingly powered by Artificial Intelligence (AI),” says Britz.
Although it has become common to create multiple online accounts to access content, Britz advises South Africans to resist the temptation to reuse passwords in 2025. “Bad actors are noticing our country and cyberattacks are only going to increase over the next twelve months. We must not provide cybercriminals with the means to break into multiple accounts,” cautions Britz.
Password protection is simply not enough. An additional layer of security is needed and concerned end users locally and overseas are now insisting the organisations they interact with online implement MFA or Two-factor Authentication (2FA).
Critically, a second factor of authentication helps to prevent access even if one’s password has been compromised.
MFA is essentially a multi-step account login process that requires users to enter more information than just a password. For example, along with the password, users might be asked to enter a code sent to their email, answer a secret question, or scan a fingerprint.
The factors that can be used for authentication can generally be split in three categories:
- Knowledge factor – This is something the user will know that no one else knows. This could be the answer to a secret question like a pet’s name.
- Possession factor – This is something that a user uniquely owns. An example for this would be physical devices like mobile phones. A notification can be sent to an authenticator application on the phone.
- Inherence factor – This is something that is inherent to the user. With the advancement of technology, many mobile phones now allow fingerprint scanning or facial recognition as an authentication factor.
There are many options available for MFA, so it is important to do one’s homework. One option that brings many added features to the table is Cisco Duo, an MFA application from global tech company Cisco. It verifies user identities and – critically – also the health of their devices.
Cisco Duo not only adds MFA, it makes the user experience smoother and simple by adapting authentication requirements based on risk level. It also adopts a Zero-Trust security stance which assumes no user should be trusted by default.
Duo provides an easy-to-use, secure mobile authentication app for quick, push notification-based approval to verify a user’s identity with smartphone, smartwatch and security key support. Duo also offers a more secure, Verified Duo Push option.
“As technology continues to grow, more and more of our sensitive data will be stored online in the Cloud.
“It is therefore vital for businesses and individuals alike to see the coming new year as an opportunity to take all steps to ensure that their data is better secured by MFA. Remember, at the beginning of all online access, is authentication,” concludes Britz.