Require MFA for all BillGO Exchange users, not just administrators.
When setting up MFA, use a combination of factors to enhance security. We recommend combining factors from the following three categories:
- Something you know, like a password
- Something you have, like a smartphone or hardware token
- Something you are, like a fingerprint
Avoid using 2 factors that rely on the same type of information.
For example, DO NOT use the email address you selected for your initial authentication user ID as the email address from which to receive the required code for the multi-factor authentication. BillGO Exchange offers both phone and Google Authenticator as alternative MFA options to email.
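The factor-independence rule above can be checked mechanically. The following is an added example, not BillGO Exchange's own configuration schema or code: it models each factor by its category (know/have/are) and its delivery target, then flags setups with too few factors, factors of only one kind, two factors routed to the same mailbox, number or device, and the specific case on this page, a code delivered to the same email address used as the login ID (generalised here to any delivery target equal to the login identifier). The method names and the Factor class are assumptions for illustration.

```python
from dataclasses import dataclass

# Factor categories from the guidance above: something you know / have / are.
# The method names are assumed labels for this example, not BillGO Exchange's
# configuration schema.
KIND_BY_METHOD = {
    "password": "know",
    "email_code": "have",       # one-time code delivered to a mailbox
    "sms_code": "have",         # one-time code delivered by text message
    "voice_code": "have",       # one-time code delivered by phone call
    "totp_app": "have",         # authenticator app such as Google Authenticator
    "hardware_token": "have",
    "fingerprint": "are",
}

MESSAGES = {
    "TOO_FEW_FACTORS": "fewer than two factors are configured",
    "SAME_KIND": "all factors are of the same kind; combine know/have/are",
    "SHARED_TARGET": "two factors are delivered to the same address, number or device",
    "TARGET_IS_LOGIN_ID": "a factor is delivered to the identifier used to log in",
}


@dataclass(frozen=True)
class Factor:
    method: str        # key in KIND_BY_METHOD
    target: str = ""   # delivery target: email address, phone number or device id


def check_mfa_setup(login_id: str, factors: list[Factor]) -> list[str]:
    """Return the policy findings for one account's MFA setup (empty list = passes)."""
    for f in factors:
        if f.method not in KIND_BY_METHOD:
            raise ValueError("unknown factor method: %s" % f.method)
    findings = []

    if len(factors) < 2:
        findings.append("TOO_FEW_FACTORS")
    elif len({KIND_BY_METHOD[f.method] for f in factors}) < 2:
        findings.append("SAME_KIND")

    # Two factors routed to the same mailbox, number or device collapse into one:
    # whoever controls that target controls both.
    targets = [f.target.strip().lower() for f in factors if f.target.strip()]
    if len(targets) != len(set(targets)):
        findings.append("SHARED_TARGET")

    # The page's rule: the code must not go to the mailbox that is also the login ID.
    # Generalised here to any delivery target that equals the login identifier.
    if login_id.strip().lower() in targets:
        findings.append("TARGET_IS_LOGIN_ID")
    return findings


def report(login_id: str, factors: list[Factor]) -> str:
    """Human-readable summary for one account."""
    findings = check_mfa_setup(login_id, factors)
    if not findings:
        return "%s: OK" % login_id
    return "%s: " % login_id + "; ".join(MESSAGES[c] for c in findings)


if __name__ == "__main__":
    # Constructed sample accounts (not real users).
    print(report("alice@example.com", [Factor("password"), Factor("totp_app", "phone-a1")]))
    print(report("alice@example.com", [Factor("password"), Factor("email_code", "Alice@Example.com")]))
    print(report("bob", [Factor("sms_code", "+15550100"), Factor("voice_code", "+15550100")]))
```

Targets are compared case-insensitively because mail addresses are usually treated that way by the receiving system; the second sample account therefore fails even though the MFA address differs from the login ID only in capitalisation.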
Use unique user accounts, each with its own multi-factor settings (an individual phone, SMS number, voice mail or third-party authenticator), rather than shared (or distributed) accounts.
Remember: MFA means 1-to-1 account, not 1-to-many accounts.
Set up notifications and alerts with your identity provider (IDP) that deliver to multiple channels (e.g., email, device, phone) whenever user account information has been modified, such as a password change.
Regularly monitor your IDP for authentication attempts and analyze any anomalies or suspicious activities.
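The monitoring and account-change alerting in the two points above can be expressed as a small set of detections over the IDP's audit log. The following is an added example, not BillGO Exchange's or any IDP vendor's code; the pipe-delimited line format, the event names and the sample lines are constructed for illustration, and the thresholds and windows are assumptions to be tuned against your own baseline. It raises one alert per user for a burst of failed logins, for repeated denied MFA prompts (a user rejecting pushes they did not initiate), and for an MFA device change that closely follows a password change.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed IDP audit lines for this example: timestamp|user|event|source_ip.
# The format and event names are assumptions; map them to what your IDP exports.
SAMPLE_LOG = """\
2024-05-01T09:00:01Z|alice|LOGIN_FAIL|203.0.113.7
2024-05-01T09:00:09Z|alice|LOGIN_FAIL|203.0.113.7
2024-05-01T09:00:15Z|alice|LOGIN_FAIL|203.0.113.7
2024-05-01T09:00:22Z|alice|LOGIN_FAIL|203.0.113.7
2024-05-01T09:00:30Z|alice|LOGIN_FAIL|203.0.113.7
2024-05-01T09:01:00Z|alice|LOGIN_OK|203.0.113.7
2024-05-01T09:01:05Z|alice|MFA_DENIED|203.0.113.7
2024-05-01T09:01:40Z|alice|MFA_DENIED|203.0.113.7
2024-05-01T09:02:10Z|alice|MFA_DENIED|203.0.113.7
2024-05-01T10:15:00Z|bob|LOGIN_OK|198.51.100.4
2024-05-01T10:15:30Z|bob|MFA_OK|198.51.100.4
2024-05-01T10:16:00Z|bob|PASSWORD_CHANGED|198.51.100.4
2024-05-01T10:20:00Z|bob|MFA_DEVICE_CHANGED|198.51.100.4
2024-05-01T11:00:00Z|carol|LOGIN_OK|192.0.2.9
2024-05-01T11:00:20Z|carol|MFA_OK|192.0.2.9
"""

# Assumed thresholds; tune against your own baseline.
FAIL_THRESHOLD, FAIL_WINDOW = 5, timedelta(minutes=10)
DENY_THRESHOLD, DENY_WINDOW = 3, timedelta(minutes=10)
CHANGE_WINDOW = timedelta(minutes=30)


def parse(log_text):
    """Parse the constructed line format into (timestamp, user, event, ip), oldest first."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, event, ip = line.split("|")
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, event, ip))
    events.sort(key=lambda e: e[0])
    return events


def _burst(history, ts, window, threshold):
    """Sliding-window counter: record ts, drop entries older than window, report count."""
    history.append(ts)
    while history and ts - history[0] > window:
        history.popleft()
    return len(history)


def detect(log_text):
    """Return a list of (user, alert_kind, detail) tuples, at most one per user and kind."""
    alerts, alerted = [], set()
    fails, denies = defaultdict(deque), defaultdict(deque)
    last_pw_change = {}

    def raise_once(user, kind, detail):
        if (user, kind) not in alerted:
            alerted.add((user, kind))
            alerts.append((user, kind, detail))

    for ts, user, event, ip in parse(log_text):
        if event == "LOGIN_FAIL":
            n = _burst(fails[user], ts, FAIL_WINDOW, FAIL_THRESHOLD)
            if n >= FAIL_THRESHOLD:
                raise_once(user, "BRUTE_FORCE", "%d failed logins within %d min from %s"
                           % (n, FAIL_WINDOW.seconds // 60, ip))
        elif event == "MFA_DENIED":
            n = _burst(denies[user], ts, DENY_WINDOW, DENY_THRESHOLD)
            if n >= DENY_THRESHOLD:
                raise_once(user, "MFA_FATIGUE", "%d denied MFA prompts within %d min from %s"
                           % (n, DENY_WINDOW.seconds // 60, ip))
        elif event == "PASSWORD_CHANGED":
            last_pw_change[user] = ts
        elif event == "MFA_DEVICE_CHANGED":
            # Account-modification chain: password reset followed by a new MFA device
            # is the pattern the notification point above is meant to surface.
            pw = last_pw_change.get(user)
            if pw is not None and ts - pw <= CHANGE_WINDOW:
                raise_once(user, "CREDENTIAL_RESET_CHAIN",
                           "MFA device changed %d min after password change from %s"
                           % ((ts - pw).seconds // 60, ip))
    return alerts


if __name__ == "__main__":
    for user, kind, detail in detect(SAMPLE_LOG):
        print("%-6s %-22s %s" % (user, kind, detail))
```

Each alert is raised once per user and kind so that a long burst does not flood the channel; the detail string carries the count and the source address so the responder can pivot into the full log. Against the constructed sample the detector fires three times (alice for both bursts, bob for the reset chain) and stays silent on carol's ordinary login.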
Train and educate users to "See Something, Say Something."
If something doesn't seem right, question it. In other words, be a human firewall!