Multi-Factor Authentication 101
You have probably already come across the term multi-factor authentication (MFA, sometimes 2FA). The concept is not new, but more vendors are suggesting and even requiring it to secure accounts on their systems. We will discuss what multi-factor authentication is and why you should be adopting it.
What is multi-factor authentication?
Multi-factor authentication is the use of more than one credential to gain access to data. It is a combination of multiple access credential types. For example, instead of gaining access to an account by just typing your username and password, you will be asked to further verify your identity by entering some other information, such as a PIN or a one-time password (OTP) sent to the phone number linked to the account. Mobile apps and fobs that constantly generate new codes are also becoming more widely used.
Why do you need multi-factor authentication?
Multi-factor authentication offers an additional layer of security. Simple access control measures such as logging in with a user ID and password are increasingly being breached by cybercriminals because, no matter how much we condition ourselves to follow good password hygiene, we sometimes slip up. Have you ever been guilty of any of the following?
- Writing down your password so you don’t forget it
- Sharing your password with someone just to get the work done faster
- Using the same password for multiple accounts just because it is easier to remember
- Creating a password that is obvious or easy to figure out, such as your date of birth, numbers or letters in sequence, your name, etc.
Multi-factor authentication can help prevent cybercrimes that happen due to leaked or hacked passwords.
How does multi-factor authentication work?
Multi-factor authentication depends on a combination of the following three elements:
- What you know
- What you have
- Who you are
The user has to prove their identity by supplying credentials that correspond to these elements. User IDs, passwords, secret questions*, date of birth, etc., fall into the first category (What you know). OTPs sent to your smartphone, a physical token or an access card belong to the second category (What you have). The third category (Who you are) includes biometric authentication such as a retina scan, fingerprint or voice recognition.
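To make the combination concrete, here is an added example (not part of the original article) of a login check that requires both a password ("what you know") and a code from an authenticator app ("what you have"). It assumes the app follows the time-based one-time password standard, RFC 6238; the account record layout, function names, password and salt are constructed for illustration.

```python
import base64, hashlib, hmac, struct

def totp(secret_b32, now, step=30, digits=6):
    """Time-based one-time password per RFC 6238 (HMAC-SHA1 variant)."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", int(now // step))       # number of elapsed time steps
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                             # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password, salt):
    """Slow salted hash so a leaked database does not expose passwords directly."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def login(account, password, code, now, used_steps, step=30):
    """Grant access only when BOTH factors check out."""
    # Factor 1, "what you know": the password.
    knows = hmac.compare_digest(hash_password(password, account["salt"]),
                                account["pw_hash"])
    # Factor 2, "what you have": the device holding the shared TOTP secret.
    has = False
    current = int(now // step)
    for s in (current - 1, current, current + 1):       # allow one step of clock drift
        if s < 0 or s in used_steps:                    # each code is accepted only once
            continue
        expected = totp(account["totp_secret"], s * step, step)
        if hmac.compare_digest(expected.encode(), code.encode()):
            used_steps.add(s)
            has = True
            break
    return knows and has

# Constructed sample account (the secret is the RFC 6238 test key, base32-encoded).
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
SALT = b"constructed-salt"
ACCOUNT = {"salt": SALT, "pw_hash": hash_password("correct horse battery", SALT),
           "totp_secret": SECRET}

if __name__ == "__main__":
    now, used = 59, set()
    code = totp(SECRET, now)                            # what the phone app would show
    print(login(ACCOUNT, "correct horse battery", code, now, used))   # both factors
    print(login(ACCOUNT, "correct horse battery", code, now, used))   # replayed code
    print(login(ACCOUNT, "guessed-password", totp(SECRET, now + 30), now + 30, used))
```

A leaked or guessed password alone fails the check, and so does a code that has already been used once.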
Multi-factor authentication is no guarantee of data safety, but it certainly reinforces your data security. While there are tools available in the market that you can purchase and deploy, you could also connect with an MSP to help you implement multi-factor authentication across your network smoothly.
*A note on secret questions: Some vendors still use secret questions, but they can be as problematic as passwords. Any publicly available information should not be used as answers to secret questions. This includes information from your own or others' social media posts as well as public records. Make up fake, even nonsensical questions and answers for your accounts, and just like passwords, vary them from account to account.