Multi-factor authentication (MFA) is an extra layer of security that can be used to protect online accounts and other shared computing resources against unauthorised access.
The easiest way to understand MFA is to think about your bank card. When you withdraw cash from an ATM, you need your card (something you have) and your PIN (something you know). There is also a third factor (something you are) – your fingerprint, retina or other biometric information.
When you enter the wrong PIN, the cash machine won’t let you withdraw money and will prompt you to take your card. The same is true with MFA. When you enter the wrong details, access will be denied, and your information will remain secure.
Why is MFA important?
It is more important than ever to protect online assets.
1 – The threat of identity fraud is growing. Hackers have unfettered access to a plethora of personal information from social media accounts, making this type of fraud an easy win.
2 – We have more to lose. We are increasingly reliant on digital infrastructure to manage our lives. Dating, communicating, working, shopping and banking are just some of the areas dominated by digital technology.
3 – Streamlined access. MFA offers a simple and secure method of offering access to the right people at the right time.
4 – Providing another layer of protection against weak or compromised user credentials. MFA should complement strong user credentials; however, it can also provide an additional layer of protection against weak or compromised credentials in some instances.
5 – More organisations and individuals are being targeted by hackers. The chances of being targeted by hackers are increasing. Criminals have many motivations for accessing online data including theft, service disruption, data destruction and more.
What types of authentication exist?
Authentication takes many forms, most of which you will be familiar with already.
Examples of things you know:
PIN – a numeric password such as the one typically used to access your phone or to protect your bank account.
Password – A string of user-defined characters that may include numbers, symbols, upper-case and lower-case letters. It’s important to follow best practice when choosing a password; download our free password guide to get some useful pointers.
Challenge/response – Answers to questions that only you should know. This type of authentication method is less effective due to the amount of personal information available online. Pet names, high-school name, place of birth and even date of birth can, in many cases, be accessed by online criminals.
Examples of things you have:
Magnetic stripe cards – Cards that contain user ID data.
Smart cards – A smart card has a pre-programmed integrated computer circuit, usually taking the form of a small chip. Examples include bank cards and mobile SIM cards.
Security tokens – Mobile apps and physical USB tokens that generate a unique one-time passcode (OTP), which is typically valid for no more than a minute before a new code is generated. Many companies also use SMS messaging to deliver OTPs.
Example of something you are:
Biometrics – Examples of biometric data include voice recognition, fingerprint and iris scanning.
It’s important to note that multi-factor authentication is where two unique factors are used in conjunction with one another at the same time – i.e. a smart card must be used with a PIN. Similarly, a security token or authentication app is used to deliver a passcode which must then be entered into the system.
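The sketch below is an added example, not code from this article or from any particular product. It shows a login check that grants access only when a password (something you know) and a time-based one-time passcode (something you have) are both correct, and that refuses a passcode that has already been used. It assumes the standard RFC 6238 passcode construction, a 60-second code lifetime and six-digit codes; the function names, the account record and the sample secret are hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 60    # assumed code lifetime in seconds
DIGITS = 6   # assumed passcode length


def otp(secret: bytes, now: float, step: int = STEP) -> str:
    """Passcode for the time window containing `now` (RFC 6238 construction)."""
    counter = struct.pack(">Q", int(now // step))
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def make_user(password: str, salt: bytes, secret: bytes) -> dict:
    """Hypothetical account record, as a server might store it."""
    return {"salt": salt, "pw_hash": hash_password(password, salt),
            "secret": secret, "last_window": -1}


def login(user: dict, password: str, code: str, now: float) -> bool:
    """Grant access only when the password AND the passcode are both valid."""
    knows = hmac.compare_digest(hash_password(password, user["salt"]),
                                user["pw_hash"])
    window = int(now // STEP)
    matched = None
    # Accept the current and previous window to tolerate clock drift,
    # but never a window that was already used (replay protection).
    for w in (window, window - 1):
        if w <= user["last_window"]:
            continue
        expected = otp(user["secret"], w * STEP)
        if hmac.compare_digest(expected.encode(), code.encode()):
            matched = w
            break
    if knows and matched is not None:
        user["last_window"] = matched  # burn the code once it has been used
        return True
    return False


# Constructed sample account, for illustration only.
ALICE = make_user("correct horse battery staple", b"constructed-salt",
                  b"12345678901234567890")
```

A stolen password alone fails this check, and so does a passcode alone or a passcode replayed after a successful login.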
Identity Access Management
Many organisations are seeking to further streamline the login process by using Identity Access Management (IAM) solutions. IAM removes the need for users to know their login credentials and is used to log in to apps. Passwords are generated automatically by the software, reducing the possibility of a simple weak password being chosen by the user.
Another benefit of using IAM is during offboarding. If users don’t know the login credentials to various web apps, they can’t access critical business files once their employment comes to an end, making life easier for system admins and business owners.
Why should I care about multi-factor authentication?
Multi-factor authentication on its own won’t be enough to protect your business online, but it will help to ensure your people are taking steps to protect their vital information. As your business grows and becomes more reliant on digital services to function, the threat from cybercrime will increase significantly.
Adding an additional layer of security to business and personal logins will help protect your information and will reduce the threat of becoming another hacking victim. Multi-factor authentication should definitely be in your IT security strategy wish-list this coming year if you haven’t already thought about it.
Network ROI can recommend MFA solutions to suit the needs of your business. Call us on 0131 510 3456 for a chat with one of our security experts today.