...
Organisations access their data and services hosted in the cloud over an internet connection. If access control to that information is not secure, it is under threat from online criminals all over the world. In recent years, there has been an increasing number of attacks on cloud services that use techniques to steal users’ passwords and access their accounts. Microsoft reports that there are over 300 million fraudulent sign-in attempts to their cloud services every day. Most data breaches involve weak, default or stolen passwords.
The average person needs to remember 70-130 passwords, so it is hardly surprising that a 2019 Google survey found that 65% of people reuse the same password for multiple or all accounts. When people reuse the same password across numerous accounts and just one of those accounts is breached, the password and username fall into the hands of cyber criminals, and all the other accounts that share the same password become vulnerable.
...
A trusted device: MFA techniques that use a trusted device can rely on the knowledge that a user possesses a specific device (e.g. a company computer) to prove they are who they say they are. Organisations can configure cloud services to only accept authentication attempts from within their trusted enterprise networks. This ensures that users can only authenticate if they are either directly connected to that trusted network or have remote access to it over a virtual private network (VPN). In addition, or as an alternative to using a VPN, remote workers would be able to access online services only on trusted devices that are managed by the organisation. (See guidance about VPNs.)
An application: An authenticator app generates a single-use password that changes every minute. Alternatively, an app can receive push notifications that prompt the user to confirm or deny that they are currently trying to log in to a named service.
...