Multi-Factor Authentication (MFA) is a security process that requires the user to provide more than one method of authentication to verify themselves for a login or other transaction. Only granting access only after successfully presenting two or more pieces of evidence to an authentication mechanism: knowledge, possession, and inherence.
- Knowledge factors are things you must know to be able to log in. E.g. username and password, PINs or the answers to secret questions.
- Possession factors are something the user must have in order to log in. A security token, one-time password token, mobile authentication.
- Inherence factors are any biological traits the user has to confirm the log in such as fingerprint scans, facial recognition, voice recognition, etc.
Multifactor authentication technologies
Security tokens are a physical device used to gain access to an electronically restricted resource, acting as an electronic key to access something. You may have seen the device in the form of a smart card or key fob or USB drive. Hardware tokens provide the possession factor for multifactor authentication.
Soft tokens are a software-based security token applications that generate a single-use login PIN. Soft tokens are often used for multifactor mobile authentication, in which the device itself provides the possession factor.
Mobile authentication variations include SMS messages and phone calls sent to a user, smartphone OTP apps, SIM cards and smartcards with stored authentication data.
Biometric authentication methods such as retina scans, iris scans fingerprint scans, finger vein scans, facial recognition, voice recognition, hand geometry and even earlobe geometry.
GPS smartphones can also provide location as an authentication factor with this onboard hardware.
Why use it?
Over 80% of hacking-related breaches are caused by stolen or weak passwords. A security breach caused by a weak password would undoubtedly cause huge issues for both the company and the customers who trust it.
As flexi-work becomes more popular and employees choose to work outside the office, companies require more advanced MFA solutions to manage more complex access requests. Adaptive multi-factor authentication evaluates the risk a user presents whenever they request access to a tool or information. For example, a risky situation could be if an employee wanted to check their emails in a cafe using an unsecured network.
Passwords — the more we need to remember, the lazier our password habits become. The great thing about MFA is, it secures the environment, the people in it, and the devices they’re using without requiring tedious resets or complicated policies. You can make it easier for your staff by providing them with a choice of factors to choose from, or by only requiring additional factors when necessary. MFA’s has a simple deployment and management as well as its integration with a broad range of applications!
By putting an MFA system in place, you are creating a layered defence, this makes it much harder for an unauthorised person to access a target. If one factor is compromised or broken, the attacker still has at least one more barrier to breach before successfully breaking into the target.
When to use it:
Password authentication is a constant risk. There will always be a good chance that users will choose easy to guess passwords or fall victim to social engineering. So, what can you do?
- Choose Cloud and Internet-connected services that offer a form of multi-factor authentication.
- All users, including administrators, should use multi-factor authentication when using Cloud and Internet-connected services. This is particularly important when authenticating to services that hold sensitive or private data.
- Administrators should be required to use multi-factor authentication.
- Carefully consider which services you allow for single-factor authentication.
Examples of when you might be prompted to use it:
- When logging in to a service using a device they haven’t used before.
- Extra authentication every time you log on to a service. This is more usual for services that have a higher impact if they’re compromised, such as an email account or online banking.
- You need to re-verify yourself using an extra factor when performing high-risk actions – such as changing a password or transferring money.
MFA has a lot to offer, if you are serious about providing the best protection for not only your business and staffs data but your clients too, MFA is a no-brainer. If you’d like more information on how MFA could benefit your business, give us a call or drop us a message.