What Is Multi Factor Authentication and Why Should You Care?
Updated: July 31, 2019
Multi factor authentication adds a strong layer of security to protect your accounts and personal information.
It's important to find the right, strongest security solutions so we can keep our devices and online accounts safe from hackers and cybercriminals.
We live in a day where most of our sensitive information is stored in at least one place online. We use all kinds of online services that have access to our data, from social media platforms to accounts on online shopping platforms that keep a record of sensitive data such as credit card details.
When someone manages to hack into one of your online accounts, they can get access to lots of personal information that can be used for fraudulent activities, such as identity theft or directly stealing your money.
Part of keeping our accounts safe online is using strong passwords everywhere. But what happens if someone finds one of your passwords in a data breach?
This is where multi factor authentication comes into play, offering a second layer of security in addition to the standard password.
So let's dive a bit deeper into what multi-factor authentication is and why it's important to use it for strengthened security.
Multi factor authentication (MFA) is a security method in which the authentication system requires more than one factor (piece of evidence) to verify the user's identity.
Multi factor authentication emerged from the need to improve the security of online accounts and computer systems, as a traditional username and password login is not always the most secure solution.
Usernames and passwords are usually stored in a database. If that database is hacked into and stolen, all users' accounts are in danger. Someone gaining unauthorized access to a system to steal information is known as a data breach, and it happens more often than you might think, even to popular platforms. For example, in 2013, 3 billion Yahoo user accounts were leaked; the stolen information included usernames, passwords and security questions.
Moreover, brute force attacks have become a real danger as CPU processing speed has increased. Tools dedicated to password cracking can test more than 500 million passwords per second. That's a lot!
But with multi factor authentication, no one can get access to your account without also providing the second (or further) authentication factor, even if they have managed to steal your password.
Authentication factors are the credentials used for identity verification. Multi factor authentication requires at least two types of factors to increase the certainty that the person trying to access the account is who they claim to be. The three main categories of authentication factors are referred to as something you know, something you have, and something you are.
There are three authentication factors:
Something you know - This category represents the information a user must know in order to log in: username, ID, password, PIN, answers to security questions.
Something you have - This category represents factors the user has in their possession: security token, USB stick, bank card, one-time password, key, employee ID card, smartphone.
Something you are - Here we're talking about users' biological traits: fingerprints, retina scan, iris scan, facial recognition, voice.
Other factors might include:
Location factors - It is also possible to verify someone's identity based on their location. When this type of authentication is used on mobile devices, the process gets much easier because GPS provides the exact location.
Time factors - This type of authentication is useful in companies against account hijacking attacks because the time of a user's login can be compared with their work schedule. It is also used to prevent banking fraud: someone using their credit card at an ATM in Germany cannot possibly be using it in China 10 minutes later.
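The time and location checks described above are the kind of rule a login-monitoring system evaluates for every new sign-in. The following is an added example, not code from the original article: it walks a user's login events in order, flags a login that falls outside a configured work schedule, and flags "impossible travel" when the distance between two consecutive logins could not have been covered in the time between them. The speed threshold (1000 km/h), the work hours, the coordinates and the sample login events are all constructed assumptions for the demonstration.

```python
import math
from datetime import datetime, time as dtime

EARTH_RADIUS_KM = 6371.0
# Assumed threshold: faster than any commercial flight, so a real traveller never trips it.
MAX_PLAUSIBLE_SPEED_KMH = 1000.0
# Assumed work schedule used for the time-factor check.
WORK_START, WORK_END = dtime(8, 0), dtime(18, 0)


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two latitude/longitude points, in kilometres."""
    phi1, phi2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(phi1) * math.cos(phi2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def impossible_travel(prev, cur, max_speed_kmh=MAX_PLAUSIBLE_SPEED_KMH):
    """True when moving from the previous login location to the current one
    in the elapsed time would require an implausible speed."""
    distance = haversine_km(prev["lat"], prev["lon"], cur["lat"], cur["lon"])
    hours = (cur["time"] - prev["time"]).total_seconds() / 3600.0
    if hours <= 0:
        return distance > 0.0  # same instant, different place: impossible
    return distance / hours > max_speed_kmh


def outside_work_hours(event, start=WORK_START, end=WORK_END):
    """True when the login time falls outside the expected work schedule."""
    return not (start <= event["time"].time() <= end)


def review_logins(events):
    """Walk one user's logins in chronological order and return
    (index, reasons) for every login that looks suspicious."""
    findings = []
    prev = None
    for i, ev in enumerate(events):
        reasons = []
        if outside_work_hours(ev):
            reasons.append("outside work hours")
        if prev is not None and impossible_travel(prev, ev):
            reasons.append("impossible travel")
        if reasons:
            findings.append((i, reasons))
        prev = ev
    return findings


# Constructed sample events, not real log data. Coordinates are approximate city centres.
SAMPLE_LOGINS = [
    {"user": "alice", "time": datetime(2019, 7, 31, 10, 0), "lat": 52.5200, "lon": 13.4050},    # Berlin
    {"user": "alice", "time": datetime(2019, 7, 31, 12, 0), "lat": 48.1374, "lon": 11.5755},    # Munich, 2 h later
    {"user": "alice", "time": datetime(2019, 7, 31, 12, 10), "lat": 39.9042, "lon": 116.4074},  # Beijing, 10 min later
    {"user": "alice", "time": datetime(2019, 8, 1, 3, 0), "lat": 39.9042, "lon": 116.4074},     # Beijing at 03:00
]

if __name__ == "__main__":
    for index, reasons in review_logins(SAMPLE_LOGINS):
        ev = SAMPLE_LOGINS[index]
        print(f"{ev['user']} login #{index} at {ev['time']}: {', '.join(reasons)}")
```

Berlin to Munich in two hours is an ordinary flight and passes; Munich to Beijing in ten minutes is flagged, and the 03:00 login is flagged by the schedule rule alone. In a real deployment the flagged login would trigger a step-up prompt for an additional factor or an alert, rather than an outright block, because geolocation from IP addresses is far less precise than the GPS fix the article mentions for mobile devices.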
Software tokens are pieces of evidence stored on electronic devices that one may use to authorize access to a computer system. Soft tokens can be embedded on devices such as laptops, PDAs and mobile phones. Although they are becoming more and more popular, their downside is that they are exposed to threats such as computer viruses and software attacks.
Security tokens, also known as hardware tokens, are physical devices that authorize access to a system. The token can be embedded in easy-to-carry devices such as smart cards, USB sticks, or key fobs, and it may be able to authorize access through Bluetooth or WiFi without being connected to the computer. Another example of soft tokens is the token provided by banks that allows customers to verify their identity before connecting to their accounts.
Many services allow two-factor authentication through smartphones, and it is a widely used method for lots of users all around the world because the process is extremely simple. You try to log in to an account from a desktop device, provide your login credentials, and are then required to also verify your identity through your mobile phone. Your smartphone might display a popup where you have to tap "Ok", or it might display a code you must enter on your desktop device (this happens for services you have already installed on your smartphone, such as Google Drive or Yahoo accounts). Another scenario is receiving an SMS on your phone containing a one-time code.
As easy as this method is, it also suffers from some security concerns. Not only can phones be cloned, but cell-phone maintenance employees can read SMS texts, and apps can run on multiple devices. Moreover, what happens if your display is broken and you can't read the SMS with the code, or you lose your mobile phone altogether?
Biometric identifiers are unique and measurable characteristics that are used to verify someone's identity. Examples of such characteristics are fingerprints, palm veins, face recognition, palm print, DNA, hand geometry, iris or retina recognition. Biometric tokens are more reliable for verifying someone's identity than knowledge-based tokens because they are unique to each individual. Still, there are also some privacy concerns about how all this sensitive information is being used.
The more factors or layers are incorporated into the authentication system, the more secure the system will be. This is true both for users' accounts and for companies' systems.
If someone manages to steal the password to one of your accounts through a data breach, brute force, or phishing, they won't be able to log in to your account if you have multi factor authentication enabled. For example, if someone hacks your Facebook profile, when they try to log in you'll receive an SMS text on your phone with the verification code. Not only will the attacker be unable to get access, but you'll also know that someone else is trying to access your account.
For companies, using multi factor authentication will diminish the chances of someone gaining unauthorized access to the computer system. Even if one of the factors gets compromised, the attacker will still have one more layer to breach before getting access to the system.
This is highly important for businesses and organizations. Apart from encrypting data, federal laws also require organizations to implement multi factor authentication in certain situations, especially when it comes to protecting sensitive data (financial details, personally identifiable information). And even when the law doesn't specifically request multi factor authentication, it still highlights the importance of a strong authentication process. And multi factor authentication is the strongest method we know so far.
When implementing multi factor authentication, it's also important to pick the right authentication factors. For example, verification methods such as SMS or voice calls are less desirable because SMS and voice calls can be easily intercepted.
Enabling multi factor authentication in an organization might seem overwhelming because the employees have to log in to multiple accounts and apps.
But using multi factor authentication in conjunction with single sign-on will actually simplify the login process. The single sign-on software validates the users' identity through a multi factor authentication method and then gives them access to all the apps covered by the single sign-on software. This way, users don't have to log in to each app individually.
As you've seen, multi factor authentication provides an extra security layer to cover standard password-login vulnerabilities.
Nowadays, the traditional password authentication method is the most vulnerable to cyber attacks, putting users' personal data (personal and financial details) at risk. Multi factor authentication provides a unique code that only a specific user has access to.
Knowing what multi factor authentication is and which methods are best is important both for individuals who want to protect their accounts and for business owners who don't want to compromise sensitive information or customers' details.
Whenever you register to use a service or a platform, you should check if it allows multi factor authentication and enable at least one additional verifying factor. This will make your accounts more secure and keep potential criminals out of your business.