Make multi-factor authentication your new year’s resolution

Issue 1 2025 Information Security


Roger Britz.

With SA’s Information Regulator on record as saying the country suffered at least 150 data breaches a month in 2024, South Africans must make multi-factor authentication (MFA) the non-negotiable centrepiece of their personal cybersecurity new year’s resolutions.

Data breaches were up threefold in 2024 compared to 2023, notes Roger Britz, Customer Experience Catalyst at PerfectWorx Consulting. “Keeping personal data and online accounts safe pivots on MFA. Experts agree that implementing an additional layer of security to validate user identities can block 99,9% of automated cyberattacks, which are increasingly powered by artificial intelligence (AI),” says Britz.

Although creating multiple online accounts to access content has become common, Britz advises South Africans to resist the temptation to reuse passwords. “Bad actors are noticing our country, and cyberattacks are only going to increase over the next twelve months. We must not provide cybercriminals with the means to break into multiple accounts.”

Password protection is not enough. An additional layer of security is needed and concerned end users locally and overseas are now insisting that the organisations they interact with online implement MFA or two-factor authentication (2FA). Critically, a second authentication factor helps prevent access even if one’s password has been compromised.

MFA is a multi-step account login process requiring users to enter more information than just a password. For example, along with the password, users might be asked to enter a code sent to their email, answer a secret question, or scan a fingerprint.

The factors that can be used for authentication can generally be split into three categories:

1. Knowledge factor – This is something the user will know that no one else knows. This could be the answer to a secret question like a pet’s name.

2. Possession factor – This is something that a user uniquely owns. An example of this would be physical devices like mobile phones. A notification can be sent to an authenticator application on the phone.

3. Inherence factor – This is something that is inherent to the user. Many mobile phones now allow fingerprint scanning or facial recognition as an authentication factor.

There are many options available for MFA, so it is important to do one’s homework. One option that brings many added features to the table is Cisco Duo, an MFA application from Cisco. It verifies user identities and - critically - their devices' health. Cisco Duo not only adds MFA, it also makes the user experience smoother and simpler by adapting authentication requirements based on risk level. It also adopts a Zero-Trust security stance, which assumes no user should be trusted by default.

Duo provides an easy-to-use, secure mobile authentication app for quick, push notification-based approval to verify a user’s identity with smartphone, smartwatch and security key support. Duo also offers a more secure Verified Duo Push option.

“As technology continues to grow, more and more sensitive data will be stored online in the cloud. It is, therefore, vital for businesses and individuals alike to see the coming new year as an opportunity to take all steps to ensure that their data is better secured by MFA. Remember, at the beginning of all online access is authentication,” concludes Britz.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Managed security solutions for organisations of all sizes
Information Security News & Events
Cyber attackers have become significantly more sophisticated and determined, targeting businesses of all sizes. PwC’s Global Digital Trust Insights Survey 2025 Africa and South Africa highlights the urgent need for organisations to implement robust cyber risk mitigation strategies.

Read more...
Data resilience at VeeamON
Technews Publishing SMART Security Solutions Infrastructure Information Security
SMART Security Solutions attended the VeeamON Tour in Johannesburg in August to learn more about data resilience and Veeam’s initiatives to enhance data protection, both on-site and in the cloud.

Read more...
Troye exposes the Entra ID backup blind spot
Information Security Infrastructure
If you trust Microsoft to protect your identity, think again. Many organisations naively believe that Microsoft’s shared responsibility model covers Microsoft Entra?ID – formerly Azure AD – but it does not.

Read more...
Secure data protection without hardware lock-in
Infrastructure Information Security News & Events
New Veeam Software Appliance empowers IT teams to achieve instant protection with Veeam’s fully preconfigured, software-only appliance, delivering enterprise-ready simplified deployment and operational efficiency, robust cyber resilience.

Read more...
Check Point launches open, vendor-neutral MDR services
Information Security News & Events Products & Solutions
New Check Point MDR 360° and MXDR 360° offerings deliver 24/7 managed continuous threat monitoring protection across endpoints, cloud and network environments with built-in identity threat detection and 160+ integrations across hybrid, multi-vendor environments.

Read more...
Credential theft surges in South Africa
NEC XON Information Security
NEC XON issues a critical cybersecurity warning about the dual threat of massive credential theft and AI-powered cyberattacks sweeping across the region, with an increasing number of incidents and evolving threat tactics.

Read more...
Want effective Attack Surface Management? Think like an attacker.
Information Security
Effective ASM requires companies to think like attackers, anticipate risks, and act decisively to reduce exposure by knowing their environment, deploying a structured approach, leveraging capable tools, and addressing both internal and external risks.

Read more...
The growing role of hybrid backup
Infrastructure Information Security
As Africa’s digital economy rapidly grows, businesses across the continent are facing the challenge of securing data in an environment characterised by evolving cyberthreats, unreliable connectivity and diverse regulatory frameworks.

Read more...
POPIA non-compliance puts municipalities at risk
Information Security Government and Parastatal (Industry)
Digital responsibility must go beyond POPIA compliance to recognising that privacy and service delivery are fundamentally linked. Despite this, only 51 out of 257 municipalities submitted their mandatory data protection and access to information reports in 2024.

Read more...
Choicejacking bypasses smartphone charging security
News & Events Information Security
Choicejacking is a new cyberthreat that bypasses smartphone charging security defences to confirm, without the victim’s input or consent, that the victim wishes to connect in data-transfer mode.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.