Multi-Factor Authentication (MFA) Reduces Risk of Account Compromise
March 6th, 2018 by admin
Authentication is the process of confirming that an individual is who he or she claims to be. It can involve providing information, such as a username and password. Users can also authenticate with an ATM card and PIN, a device that can generate or receive a code that can be used to log in, or a biometric such as a scanned fingerprint. Authentication is a key requirement if you want to carry out a transaction online, but like all other credentials we use, it’s susceptible to being compromised.
Single-Factor, Two-Factor, and Multi-Factor Authentication
Authentication can be single-factor, where a user enters a username and password. It can also be two-factor (2FA), where a user logs in using a username and password, plus enters a one-time passcode received from another device, like a mobile phone. Authentication can also be multi-factor (MFA), which requires two-factor authentication plus another factor like a voice or fingerprint. There are also risk-based, multi-factor authentication systems that require MFA based on a set of risk-based rules (such as what device you are trying to log in from). 2FA is really a subset of MFA; that is, all two-factor authentication (2FA) is multi-factor authentication (MFA), but not all MFA is 2FA.
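The device-based rule and the counting of factors described above can be sketched as follows. This is an added example, not part of the original post; the credential labels, device names, known-device list, and the policy of accepting one factor on a recognised device are assumptions made for illustration.

```python
from dataclasses import dataclass

# Factor categories for the credentials this article mentions. The category
# names are the usual taxonomy; the keys are labels made up for this example.
CATEGORY = {
    "password": "knowledge",
    "pin": "knowledge",
    "atm_card": "possession",
    "phone_otp": "possession",
    "fingerprint": "inherence",
    "voice": "inherence",
}

@dataclass
class Login:
    user: str
    device_id: str
    presented: tuple  # credentials already verified for this attempt

def distinct_factors(presented):
    """Count categories, not credentials: password + PIN is still one factor."""
    return len({CATEGORY[c] for c in presented})

def required_factors(login, known_devices):
    """Risk rule from the article: the device decides whether MFA is demanded."""
    recognised = login.device_id in known_devices.get(login.user, set())
    return 1 if recognised else 2  # assumed policy for this example

def decide(login, known_devices):
    """Allow the login, or name the factor categories that would satisfy step-up."""
    used = {CATEGORY[c] for c in login.presented}
    if distinct_factors(login.presented) >= required_factors(login, known_devices):
        return "allow"
    missing = sorted(set(CATEGORY.values()) - used)
    return "step-up: ask for " + " or ".join(missing)

# Constructed sample data.
KNOWN = {"alice": {"laptop-1"}}
ATTEMPTS = [
    Login("alice", "laptop-1", ("password",)),
    Login("alice", "kiosk-9", ("password",)),
    Login("alice", "kiosk-9", ("password", "pin")),
    Login("alice", "kiosk-9", ("password", "phone_otp")),
]

if __name__ == "__main__":
    for a in ATTEMPTS:
        print(a.device_id, a.presented, "->", decide(a, KNOWN))
```

The third attempt is the case to watch for when reviewing a login flow: a password plus a PIN is two secrets but only one factor, so it does not satisfy the step-up.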
The traditional (and less secure) way to log in to an account is single-factor authentication. For most single-factor sign-on, people like to use their email address and a familiar password so logging in is easier. Enter these two pieces of information and you’re in and able to use your account along with all the information that’s tied to it (your address, credit card number, etc.). Unfortunately, if you’re one of the 54% of people who use five or fewer passwords for all of their online accounts, you could easily create a “domino effect,” one that allows a hacker into any number of different accounts you have, just by cracking ONE password! To make matters worse, if you use the same password for your work-related logins as you do for any of your personal logins, your potential for causing a security incident at work just grew exponentially. That’s where MFA comes in to offer a higher level of protection.
Even though MFA requires an extra step in the login process, most commercial sites make it a relatively easy process. In fact, there’s a good chance you’re already using MFA without even realizing it. Over the last few years, almost all banking and financial services sites have come to require MFA. In addition, companies including Google, Microsoft, Facebook, and Twitter now all offer MFA solutions to their customers who want additional protection. Where these companies go, so goes the rest of the Internet, so you’ll notice lots of other sites and services now offering MFA options.
Multi-Factor Authentication adds an additional layer of security, making it harder for someone to impersonate you online. In the example provided above, someone would need to steal both your password and your phone to compromise your account. If your mobile phone is locked (which it should be), they would also need your phone PIN, swipe pattern, or fingerprint to unlock it.
The increasing adoption of MFA is a positive development in the fight against cybercrime. The added layer of defense it provides helps combat threats that would otherwise be successful against single-factor sign-on solutions. This is why we often recommend that network administrators use an MFA solution to protect sensitive data.
Despite these positives, a note of caution is warranted here. As with all security enhancement techniques, adding MFA is not a panacea against all attacks. While MFA can significantly reduce particular computer security risks, there are multiple ways to attack different MFA solutions. In the end, the solutions we employ can make it more difficult for hackers to make us their victims. But there is no practice or product available that can guarantee protection against fraud.
MFA is a helpful tool that should be used whenever possible, especially when it comes to your most sensitive data, like your primary email, your financial accounts, and your health records. Take the initiative to use it. You can look here to find a list of websites that offer MFA.