MSPs and 2FA: A relationship of necessity

 Thursday 5 September, 2019

Managed service providers are constantly battling the tyranny of weak passwords.

Nearly 3% of people have used '123456' as their password, which has been ranked as the worst password for many years.

To make it worse, poor memory combined with a growing number of online accounts pushes people to recycle passwords. Using the same password for every login is dangerous. One simple hack can grant access to multiple accounts and terabytes of data, putting your MSP and clients at the mercy of cybercriminals.

The bottom line: a password-only approach will not cut it anymore.


What is 2FA?


Two-factor authentication (2FA) is an additional layer of security that keeps out unauthorized users who have nothing more than a stolen or recycled password. This is because 2FA demands two or more credentials for authentication.

The following are the three most popular authentication types that are part of 2FA:

  • Something only the user knows: Password, PIN code, or answer to a secret question.
  • Something only the user has: Mobile phone or USB token.
  • The user’s physical characteristics: Face or voice recognition, fingerprints, and retina scan.

2FA is a cause of frustration among hackers, making it impossible for them to penetrate MSPs’ and their clients’ networks. Yet, many service providers prefer to risk it all by following a password-only approach.


MSP businesses need 2FA


Lately, hackers find it appealing to go after MSPs. It’s simple math: one attack compromises the systems of their clients, affecting multiple companies. A common method is to target the RMM (remote monitoring and management) software used by MSPs to get access to end-customer systems.

Two-factor authentication keeps your MSP credibility intact, especially now that MSPs have come onto the radar of cybercriminals.


The 'APT 10' menace


The US Department of Justice indicted the hacker group which goes by the name APT 10 for stealing confidential data from MSPs. APT 10’s victims included more than forty-five companies and government agencies, spread across twelve countries (including the USA). The industries affected were banking, healthcare, medical equipment, and technology.


Attack of the CryptoLocker


Once hackers gain access, they deploy malware called CryptoLocker. The attack locks customers out of their systems until the ransom is paid. Recently, a mid-size MSP had to pay close to $2.6 million to retrieve the 1500-2000 systems that were cryptolocked.


The rise of Ryuk


Data Resolution, a California-based MSP, was hit by Ryuk ransomware when a hacker gained access with dormant login credentials. All files on the compromised hardware were encrypted and would be decrypted only on payment of a fee. Engineers shut down the infected servers and no ransom was paid; this left them with the burdensome cost of rebuilding the infrastructure.


Compete on credibility with the new Pulseway 2FA


The enhanced two-factor authentication from Pulseway helps MSPs stand out in the market. Adding 2FA to your offering brings a sense of security and comfort to prospects, making them easy to convert.

Here’s how Pulseway 2FA works:

Step 1 – Users must complete an additional step to access their accounts.

Step 2 – When enabled, users will have to type in, along with their password, a TOTP (Time-based One-Time Passcode), which will be sent via push notification to the registered mobile phone.

Step 3 – If you don’t have access to your mobile phone, Pulseway will generate single-use backup codes for a safe login.

Ultimately, MSPs gain security and business growth, all at the same time.