Multi-Factor Authentication & Trucking Companies

Published in TMC Fleet Maintenance & Technology magazine Spring 2025

Why Multi-Factor Authentication Matters for Trucking Companies

By Mark Zachos

When it comes to cybersecurity in trucking, it is important to remember the extent of just how much the industry encompasses. There are computerized tools for everything from diagnostics and fuel management to payroll and driver hours to route planning and other logistics. These tools play a big part in keeping wheels on the road, and without proper security, can open a trucking company up to a cyberattack.

Multi-factor authentication (MFA) is a valuable tool that can be implemented on computer systems and accounts to help individuals and organizations ward off cyberattacks by protecting critical information and data.

“MFA is a layered approach to securing physical and logical access where a system requires a user to present a combination of two or more different authenticators to verify a user’s identity for login,” according to the U.S. Cybersecurity & Infrastructure Security Agency (CISA). “MFA increases security because even if one authenticator becomes compromised, unauthorized users will be unable to meet the second authentication requirement and will not be able to access the targeted physical space or computer system.”

The way it works is that in addition to simply entering a password or personal identification number (PIN) to gain access to an account protected with MFA, users are also required to present at least one extra piece of evidence to prove they are legitimate. This evidence typically falls into three categories:

Something you know – like your password or a PIN
Something you have – like a smartphone, a USB key or a security token
Something you are – like your fingerprint or facial recognition

“Typically, the second factor we use is ‘something we have,’ such as our smart phone with access to email or an authenticator app, a smart card … or a token that generates a unique code based on a complex algorithm,” explained Ryan A. Higgins, Chief Information Security Officer for the U.S. Department of Commerce, in a 2022 Cybersecurity Awareness Month post. “More companies and organizations are offering MFA as an option by emailing you a code or using an authenticator app.”

Why Should the Trucking Industry Care About MFA?

Since trucking companies handle things like client contracts, delivery schedules payroll information and other sensitive information, it causes the industry to be an appealing target for cybercriminals. MFA makes it much more difficult for hackers to break into an account, even if a hacker somehow gets hold of a password or another single layer of authentication.

Take, for example, phishing attacks. The most careful employee can still accidentally click a bad link. But with MFA enabled, even if an account password gets compromised in a phishing attack, there is a high chance that hackers will not be able to come up with a second authenticator needed to log in. Thus, access to that account will be denied.

A single cyber breach can shut down operations, costing a company time, money and its reputation. MFA can help fleets protect GPS tracking, telematics and electronic logging devices (ELDs), all of which are vulnerable to attacks. A cybercriminal gaining access to any of these systems could disrupt routes, delay deliveries or even endanger driver safety.

And for businesses that handle government contracts or sensitive goods, MFA is often seen as a best practice to protect fleet information and to meet compliance standards.

How MFA Works in the Real World

Say a dispatcher needed to log in to a company’s logistics portal. With MFA, the dispatcher likely first would enter a password (something they know). Next, the dispatcher would receive a cellphone notification (something they have) or, if it is a newer system, they might also scan a fingerprint (something they are).

Only after verifying at least two of these factors would the dispatcher gain access. So even if someone stole a password, that cyberthief would hit a dead end without access to at least one other factor.

Here are some ways fleets can apply MFA:

Start with Critical Systems – Identify which systems are most crucial to your operations. Implement MFA there first.

Educate Your Team – Beyond installing new tech, it’s about getting buy-in from your drivers, dispatchers and office staff. Explain how MFA protects not just the company but also employees’ personal data.
Choose the Right Tools – There is no shortage of MFA solutions out there. Some integrate directly with the software you are already using. Pick a solution that is user-friendly for your team.
Make It Trucking-Friendly – The trucking industry has unique challenges – drivers are on the move, often working irregular hours. Make sure your MFA system is accessible on mobile devices and does not require perfect cell service to work.
Plan for Exceptions – What happens if someone loses their phone or their fingerprint scanner doesn’t work? Have a backup plan in place, like security questions or a temporary code system, so operations do not grind to a halt.

In the trucking industry, where every minute counts and margins can be razor-thin, the last thing an organization wants is to deal with the chaos of a cyberattack. MFA is a smart, cost-effective way to protect business, drivers and customers.

“Most people accessing services online have relied exclusively on passwords to protect their accounts, yet passwords have proven to be a weak link on their own due to the sheer number we are asked to memorize and how effective computer programs are at cracking passwords,” said Higgins. “This is where MFA helps overcome these inherent weaknesses and better protect us all. Adoption of a second authentication factor increases confidence that the right individual is accessing the right system or service.”