What is it and what's its importance?
The goal of multi-factor authentication is to create a layered defence of two or more independent credentials: what you know (password), what you own (security token), and what you are (biometric verification). Requiring multiple factors to authenticate a user makes it more difficult for an unauthorized person to gain access to computers, mobile devices, physical locations, networks, or databases; each successive layer should help protect where other layers could be weak.
There are three credential categories: something you know, something you have, or something you are. To gain access, your credentials must come from at least two different categories. One of the most common methods is to log in with your username and password, after which a unique code is generated and sent to your phone or email; you must enter this code within the stipulated time frame. This unique code is the second factor.
Here are some examples in each category:
Something the user knows:
Password / secret phrase
PIN number

Something the user has:
Security token or application
Verification text, call, email
SmartCard

Something that the user is:
Fingerprint
Facial recognition
Voice recognition

If it were possible to develop a single authentication method that was 100% accurate and could not be hacked, we wouldn’t need multi-factor authentication. But passwords can be seen, heard, guessed, or circumvented; a token can be lost or stolen; and an identical-looking individual or a photograph might even deceive biometric recognition systems. That's why multi-factor authentication is currently very important for account security.
The concept of security using multi-factor authentication is that while there may be a weakness in an authentication factor - for example, a stolen password or PIN - the existence of a second or third factor would compensate to provide the appropriate authorization for access.
Multi-factor authentication should be used to add a security layer to websites that contain sensitive information or whenever enhanced security is desirable. Multi-factor authentication makes it more difficult for unauthorized people to sign in as the account holder.
Multifactor Authentication (MFA) can help prevent some of the most common and successful types of cyberattacks, including:
Phishing
Spear phishing
Keyloggers
Credential stuffing
Brute force and reverse brute force attacks
Man-in-the-middle (MITM) attacks

MFA is considered the "gold standard" of account security, but it is not perfect. As always, the human factor must be taken into account. For example, if you are the victim of a phishing attack and are directed to a page you don't realize is fake, and you enter your username and password, there's nothing you can do to stop the phisher from immediately using that information on the real account. This will cause the real account to request your second form of authentication, and if you respond you will have given the phisher access to your account. That's why it's very important to be aware of phishing attacks and other forms of social engineering.
When done correctly, MFA is one of the simplest and least expensive forms of security a company can implement. Given the rampant cybersecurity risks in today's digital landscape, there is no reason why businesses and individuals should not take advantage of this solution. If you invest in the most up-to-date tools, in training your personnel, and in a multi-layered security infrastructure, you will go a long way toward protecting your information.