
Understanding Password Security and Multi-Factor Authentication

November 14, 2024

Safeguarding sensitive financial data is crucial for CPAs. In an increasingly digital environment, effective password management and the use of multi-factor authentication (MFA) are essential for protecting both company and client information.

Consider how many passwords you manage daily: for personal use, various professional applications, and secure financial platforms. The actual number is often much higher than we realize, especially as we accumulate accounts over time. Many of these passwords may not meet security standards, increasing vulnerability to cyber threats.

Apply these three tips when creating passwords

Consider keeping the following recommendations in mind as a standard for secure passwords:

Prioritize length over complexity: Longer passwords significantly enhance security. Aim for passphrases of at least 14 characters, composed of random words (e.g., “Ilovereviewingtaxcodes”). This method is both memorable and secure.

Create unique passwords: Each account should have a unique password. This reduces the risk of one breached password compromising multiple accounts.

Keep your passwords safe: Never share your passwords. Consider updating them regularly. Avoid storing them in unsecured locations, such as documents on your computer or sticky notes in your workspace; instead, use a reputable password manager.

Consider using a password manager

Given the multitude of passwords you manage, a password manager is an invaluable tool. These applications can generate secure passwords and store them safely.

Here are a few features and benefits of password managers:

  • Password managers can generate and store complex and lengthy passwords for you.
  • Most password managers require a master password to access your passwords, which adds an extra layer of security.
  • Some password managers have mobile apps for you to access from your phone.
  • Some password managers can also act as an MFA tool (more on this below) to store your one-time passcodes for multi-factor access.

Know the benefits of MFA

MFA is a security method that requires two or more types of authentication to verify the identity of a user and grant access to a system or service. Enabling MFA, when possible, can make it harder for cybercriminals to remotely access your accounts.

There are four main types of authentication:

  • Knowledge: Something you know. For example, security questions, username, and password.
  • Possession: Something you have. For example, a work badge, cellphone (text and push notification), hardware token, etc.
  • Inherence: Something you are; personally identifiable. For example, biometrics such as fingerprints and iris scans, or voice recognition.
  • Location: Somewhere you are; your physical location. For example, U.S.-based consumers can only stream North American streaming content.

Securing your account with more than one type of authentication effectively sets up MFA on your account. This added layer of security can reduce your account’s exposure when compromised.

When evaluating your MFA options with your team, consider opting for hardware tokens or authenticator apps when possible. Cybersecurity experts generally agree on the following list of MFA options ordered from most to least preferred:

  1. Hardware token – USB token devices or one-time passcode generators.
  2. Authenticator app – Mobile app for push notifications or time-based one-time passcode.
  3. Email – Code delivered via email. Vulnerable to phishing and dependent on how well the email account is protected.
  4. SMS – Code delivered via text message. Vulnerable to SMS phishing.

Understanding the benefit of unique, lengthy passwords and implementing MFA can be critical steps for CPAs in the realm of digital security. A password manager can be a helpful tool when you need to manage multiple passwords. And when establishing new accounts, prioritize setting up MFA to protect both your own and your clients’ information.

This content was provided by an OSCPA partner, INTRUST Bank. Learn more about INTRUST Bank and how to protect yourself against cybercriminals at intrustbank.com.