The importance of enhanced security
Currently, computers and smart devices are accessible enough so that we can have several: smartphones, laptops, tablets and microdevices. Both professional activity, with or without teleworking, and personal life require portability. This, along with the tendency to move corporate servers to the cloud, makes secure user authentication even more urgent – and complicated. What brings us to multi-factor authentication: what it is and how it’s achieved.
What is it and what’s its importance?
The goal of multi-factor authentication is to create a layered defense of two or more independent credentials: what you know (password), what you own (security token), and what it is (biometric verification). Requiring multiple factors to authenticate a user makes it more difficult for an unauthorized person to gain access to computers, mobile devices, physical locations, networks, or databases; each successive layer should help protect where other layers could be weak.
How does it work?
There are three credential categories: something you know, have, or are. To gain access, your credentials must come from at least two different categories. One of the most common methods is to log in using your username and password. Then a unique code will be generated and sent to your phone or email, which you must enter within the stipulated time frame. This unique code is the second factor.
Here are some examples in each category:
Something the user knows:
- Password / secret phrase
- PIN number
Something the user has:
- Security token or application
- Verification text, call, email
- SmartCard
Something that the user is:
- Fingerprint
- Finger recognition
- Voice recognition
What are the advantages?
If it were possible to develop a single authentication method that was 100% accurate and could not be hacked, we wouldn’t need multi-factor authentication. But passwords can be seen, heard, guessed, or circumvented; a token can be lost or stolen; and an identical individual or photograph might even deceive biometric recognition systems. That’s why multi-factor authentication is currently very important for account security.
The concept of security using multi-factor authentication is that while there may be a weakness in an authentication factor – for example, a stolen password or PIN – the existence of a second or third factor would compensate to provide the appropriate authorization for access.
When should it be used?
Multi-factor authentication should be used to add a security layer to websites that contain sensitive information or whenever enhanced security is desirable. Multi-factor authentication makes it more difficult for unauthorized people to sign in as the account holder.
What can it prevent?
Multifactor Authentication (MFA) can help prevent some of the most common and successful types of cyberattacks, including:
- Phishing
- Spear phishing
- Keyloggers
- Credential stuffing
- Brute force and reverse brute force attacks
- Man-in-the-middle (MITM) attacks
Recommendation
MFA is considered the “golden standard” of account security, but it is not entirely perfect. The human factor must be taken into account as usual. For example, if you are the victim of a phishing attack and are directed to a page you didn’t realize was fake, and you entered your username and password, there’s nothing you can do to stop the phisher from immediately linking that information to the real account. This will cause the real account to request your second form of authentication, and if you respond you will have given the phisher access to your account. That’s why it’s very important to be aware of phishing attacks and other forms of social engineering.
Conclusion
When done correctly, MFA is one of the simplest and least expensive forms of security a company can implement. Given the rampant cybersecurity risks in today’s digital panorama, there is no reason why businesses and individuals should not take advantage of this solution. If you invest in the most up-to-date tools, in training your personnel, and in a multi-layered security infrastructure, you will go a long way when it comes to protecting your information