In May 2021, cyberattacks targeting weak or reused passwords are still on the rise. For small and medium businesses (SMBs), relying solely on passwords is no longer enough. Multi-factor authentication (MFA) has moved from a “nice-to-have” to a non-negotiable part of any cybersecurity strategy.
Multi-factor authentication adds a second (or third) layer of identity verification beyond the traditional username and password. Typically, this means something you know (password) combined with something you have (e.g. a mobile device) or something you are (biometric data).
In 2021, MFA adoption is surging across sectors due to regulatory requirements, insurance pressures, and the need to secure hybrid workforces. Platforms like Microsoft 365, Google Workspace, Xero, and Salesforce all support MFA—and insurance providers increasingly require it for cyber policy eligibility.
Many SMBs worry MFA will frustrate users or slow productivity. In reality, modern MFA tools are fast, intuitive, and flexible. You can configure MFA to trust specific devices, skip prompts for sign-ins from whitelisted IPs, and allow self-service resets—minimizing friction while maintaining security.
Training is essential. Employees need to understand not just how MFA works, but why it matters. Frame it as protecting their own data as well as the company’s. Use short explainer videos, FAQs, and hands-on demos to build familiarity and confidence.
Multi-factor authentication is a pillar of the “zero trust” approach. It helps ensure that identity, not just network location, governs access. Especially in remote or hybrid environments, MFA provides an essential security baseline.