What is Multi-factor Authentication (MFA)?
Last Updated on September 3, 2020 by Bobby Niswonger
It takes years to build a reputation and minutes for a security incident to ruin it. Imagine logging into your favourite social media platform only to find that your personal information has been exposed to anyone who cared to look. Attacks that begin with a stolen or guessed password can be mitigated by adding Multi-factor Authentication (MFA).
A password alone is not enough to protect your data from prying eyes. Two-factor and Multi-factor Authentication (2FA / MFA) are gaining traction globally because they substantially raise the cost of taking over an account. Many services, from email providers (Gmail, Yahoo, Outlook) to file sharing (Google Drive, Dropbox, Box), now offer or require MFA.
Multi-factor Authentication is a login process in which the user must present more than one independent identification factor before being authenticated. A password and antivirus software alone do not guarantee security against data theft. Adding a second, independent factor greatly reduces the odds that a leaked or guessed password is enough to compromise your account.
What are the MFA Authentication Factors?
Two-factor Authentication uses exactly two factors of different types; Multi-factor Authentication is the general term for two or more, so every 2FA scheme is also MFA. An authentication factor is a piece of evidence used to validate a person's identity. Two checks of the same type (for example, a password plus a security question) count as one factor, not two.
Five forms of authentication factor are commonly described. The first three (knowledge, possession, inherence) are the classic factors; location and time are usually treated as contextual signals that strengthen or challenge a login rather than as standalone factors:
- Knowledge factor
- Possession factor
- Inherence factor
- Location factor
- Time factor
The possession factor is something you have. Examples include a hardware security token, an authenticator app on your phone, or the SIM card that receives an SMS code (which is why a SIM swap or number port-out defeats SMS-based codes).
The inherence factor is something you are: a biological trait checked at login. Examples include facial recognition, iris or retina scans, voice recognition, and fingerprint scans.
The knowledge factor is something you know, typically a password, a PIN, or the answer to a security question.
The location factor answers the question "where?", for example a geolocation policy that blocks logins from countries the account has never been used in, or from outside the corporate network.
The time factor uses the timestamp of an attempt to spot fraud, almost always in combination with location. A card used in Canada cannot plausibly be used for an online purchase in India ten minutes later; the combination of elapsed time and distance (often called an "impossible travel" check) is flagged or blocked.
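The impossible-travel check described above, written out as an added example (this is not code from the original article). It combines the time and location factors: consecutive logins by the same user are compared, and any pair that would require travelling faster than an airliner is flagged. The login events are constructed sample data, and the IP-to-coordinates lookup is assumed to have already been done by a geolocation service.

```python
import math
from datetime import datetime

# Added example, not code from the original article. SAMPLE_EVENTS is
# constructed data; IP-to-coordinate resolution is assumed to have happened
# upstream (e.g. via a GeoIP database).
EARTH_RADIUS_KM = 6371.0

# Constructed login events: id, user, UTC timestamp, latitude, longitude.
SAMPLE_EVENTS = [
    {"id": "e1", "user": "alice", "ts": "2020-09-03T12:00:00+00:00", "lat": 43.65, "lon": -79.38},  # Toronto
    {"id": "e2", "user": "alice", "ts": "2020-09-03T12:10:00+00:00", "lat": 19.08, "lon": 72.88},   # Mumbai, 10 minutes later
    {"id": "e3", "user": "alice", "ts": "2020-09-04T14:00:00+00:00", "lat": 43.65, "lon": -79.38},  # Toronto, next day
    {"id": "e4", "user": "bob",   "ts": "2020-09-03T12:00:00+00:00", "lat": 43.65, "lon": -79.38},  # Toronto
    {"id": "e5", "user": "bob",   "ts": "2020-09-03T12:05:00+00:00", "lat": 43.59, "lon": -79.64},  # Mississauga: ~22 km, geolocation jitter
]


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two latitude/longitude points, in km."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def _parse(ts):
    """ISO-8601 timestamp with offset -> aware datetime."""
    return datetime.fromisoformat(ts)


def impossible_travel(events, max_speed_kmh=900.0, min_distance_km=100.0):
    """Return the ids of logins that are unreachable from the same user's
    previous login at or below max_speed_kmh (roughly airliner speed).

    Moves shorter than min_distance_km are ignored so that normal GeoIP
    jitter (a city over, a different ISP exit point) does not raise alerts.
    Events with identical timestamps but distant locations are flagged too.
    """
    flagged = []
    last_by_user = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        prev = last_by_user.get(ev["user"])
        if prev is not None:
            dist = haversine_km(prev["lat"], prev["lon"], ev["lat"], ev["lon"])
            hours = (_parse(ev["ts"]) - _parse(prev["ts"])).total_seconds() / 3600.0
            if dist >= min_distance_km and (hours <= 0 or dist / hours > max_speed_kmh):
                flagged.append(ev["id"])
        last_by_user[ev["user"]] = ev
    return flagged


if __name__ == "__main__":
    for event_id in impossible_travel(SAMPLE_EVENTS):
        print("impossible travel:", event_id)
```

Only "e2" is flagged on the sample data: Toronto to Mumbai is roughly 12,500 km, which in ten minutes implies tens of thousands of km/h, whereas the return to Toronto a day later is a plausible flight and Bob's short hop is below the distance floor. In production the signal would step up authentication (demand an extra factor) rather than hard-block, since VPN exits and mobile carrier gateways produce legitimate jumps.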
Technologies Behind MFA
So, what technology supports each of these factors?
Biometric verification requires a scanner, matching software, and a database of enrolled templates. The captured print or image is converted into a digital template and compared against the stored one. The comparison is probabilistic (a similarity score against a threshold), so every biometric system has a false-accept and a false-reject rate, and unlike a password a compromised biometric cannot be changed.
SMS tokens are very common. The user receives a short text containing a code to type into the login form. The code expires after a short time and is usually called a One-Time Password (OTP). SMS codes are also frequently sent during password resets.
Do note that NIST SP 800-63B (https://pages.nist.gov/800-63-3/sp800-63b.html) classifies SMS and voice-call delivery of codes as a RESTRICTED authenticator: agencies must assess the risk and offer at least one stronger alternative. The reasons are that the phone number itself can be taken over by SIM swapping or porting, a malicious app on the phone can read or forward incoming texts, and many phones show message previews on the lock screen, so an attacker with brief physical access to the device can read the code without unlocking it. SMS is still far better than a password alone, but prefer an authenticator app or a hardware key where the service offers one.
Email tokens work like SMS tokens except that the one-time code (or a password-reset link) is sent to your mailbox. The advantage is that email is reachable from anywhere in the world; the caveat is that the token is only as strong as the mailbox, so whoever controls your email controls every account that resets through it. Protect the email account itself with strong MFA first.
Some large companies prefer an automated phone call that reads out the access code, which you then type in on your end. Like SMS codes, call codes expire quickly and share the same phone-number takeover risks.
Software tokens fall under the possession factor. A mobile authenticator app is enrolled by scanning a QR code on the computer's screen, which transfers a shared secret to the phone; the app then generates a fresh one-time code every 30 seconds (the TOTP algorithm of RFC 6238) or receives a push notification to approve. The codes never travel over the phone network, which removes the SMS interception risks. Guard the enrolment QR code and any backup codes: anyone who copies them can clone the token.
Examples of software tokens include Authy, Google Authenticator, Microsoft Authenticator, and LastPass Authenticator.
During sign-up many services also ask you to choose a security question, and the answer is checked later when you reset a password or log in from a new device. Strictly speaking this is a second knowledge factor, not a different factor type, and the usual answers (mother's maiden name, first school, pet's name) are often guessable or findable on social media. Treat security questions as a weak recovery mechanism rather than a real second factor.
Hardware tokens are physical devices the user plugs into or taps against a computer or phone. They connect over USB, or over NFC or Bluetooth for smartphones, and prove possession with a cryptographic challenge-response rather than a code you type. Keys implementing FIDO2/WebAuthn bind their response to the website's origin, which makes them resistant to phishing in a way that typed codes are not. Popular hardware tokens include YubiKey and the tokens sold by Duo Security.
Everyday situations where MFA appears include:
- Badging through a door that also requires a PIN on the keypad
- Inserting an ATM card (possession) and entering the PIN (knowledge)
- Logging in to a VPN with a password plus a token code or push approval
- Resetting your mail password and being asked for the code sent by SMS or email
- Scanning a QR code with your already-authenticated phone to sign in to a web application
Depending on the organization, MFA goes by several names: login verification, 2-Step Verification, advanced authentication, and step-up verification (an extra check demanded only for sensitive actions).
What are the Purposes of MFA?
Most online organizations have security compliance requirements to meet, and many jurisdictions and industry standards now mandate MFA for certain categories of data or for privileged access. Read our article on protecting a small business from a data breach.
The ultimate goal of MFA is stronger account security: each additional independent factor raises the effort an attacker must spend. The word "independent" matters, since a second factor delivered to the same compromised device or mailbox adds little. Factors of different types resist different attacks, which is why combining them works.
- User Friendliness
Because almost everything online now demands a password, a person with ten or more accounts has ten or more unique passwords to manage, which is onerous. Reusing one password everywhere is not an option either; a single breach would hand an attacker every account. MFA helps in two ways: a password manager plus a second factor keeps unique passwords practical, and FIDO2/WebAuthn authenticators unlocked by a fingerprint or face let a device-bound key supply the possession factor and the biometric supply the inherence factor, with no password to type at all.
What are the Pros of an MFA System?
i. Enhanced security
ii. Increased client loyalty and trust
iii. Boosted productivity
iv. Reduced operating costs (fewer password resets and account-recovery tickets)
v. Increased user-friendliness and flexibility
Challenges of the MFA Systems
i. High installation costs
ii. Technological complexity: some hardware tokens require changes to existing systems and drivers for compatibility.
iii. Enrolment and recovery: lost phones and tokens need a secure replacement path, and a weak recovery path (security questions, an SMS fallback) can undo the benefit of a strong factor.
Cyber Attacks Thwarted by MFA
Attacks that MFA blocks or blunts include:
- Keylogger and credential-theft attacks (the captured password is not sufficient on its own)
- Brute-force, password-spraying, and credential-stuffing attacks (a guessed or reused password still fails the second check)
- Man-in-the-middle (MITM) attacks that passively capture passwords in transit
The attacker is stopped because the login asks for a factor they did not capture. One important caveat: a real-time phishing proxy (an MITM that relays your password and your one-time code to the real site within the code's validity window) is not stopped by SMS, email, or authenticator-app codes, because the user hands the attacker a valid code. Only phishing-resistant factors such as FIDO2/WebAuthn hardware keys, whose response is bound to the genuine site's origin, defeat that class of attack. Check the address bar before typing any code, and prefer a security key for high-value accounts.
Adopt MFA Systems in Your Online Accounts for Peace of Mind
Installing antivirus programs, setting up firewalls, and running ad blockers are necessary but not sufficient; attackers keep getting more capable. Compliance, stronger security, and better usability are among the benefits MFA systems deliver, and nobody can afford to overlook data security.
For assistance in seeing whether your applications can use MFA, please see this guide, which lists programs and websites that support MFA. We recommend enabling MFA wherever it is available, preferring an authenticator app or hardware key over SMS.