Sharing Our Expertise December 2021
When user authentication strategies were first introduced, the intent was to enforce security while keeping it as simple as possible (i.e., user ID and password) for users to show a system that they were authentic and authorized.
Hackers have changed all that – at an alarming pace. Their purchasing of passwords and use of automated password cracking tools or numerous other sophisticated methods have prompted companies of all industries and sizes to look for more hardened forms of user authentication employing additional security factors for verification. The industry term is ‘Multifactor Authentication’ and as my colleagues at The Solutions Team will attest – it’s the new normal.
What Is Multifactor Authentication?
Multifactor Authentication (MFA) is a security technology that requires multiple methods of authentication from independent categories of credentials to verify a user’s identity for a login or other transaction. In other words, it creates a layered defense that makes it more difficult for an unauthorized person to access a target, such as a physical location, computing device, network or database.
Each additional ‘authentication factor’ is intended to increase the assurance that an entity involved in some kind of communication or requesting access to a system is who — or what — it says it is. If one factor is compromised or broken, the attacker still has at least one or more barriers to breach before successfully breaking into the target.
MFA works by combining two or more authentication factors from these five most common categories:
o The Knowledge Factor: Knowledge-based authentication typically requires the user to answer a personal security question (e.g., mother’s maiden name). Knowledge factor technologies generally include passwords, four-digit personal identification numbers (PINs) and one-time passwords (OTPs).
o The Possession Factor: Users must have something specific in their possession in order to log in, such as a badge, token, key fob or phone subscriber identity module (SIM) card. For mobile authentication, a smartphone often provides the possession factor in conjunction with an OTP app.
o The Inherence Factor: Any biological traits the user has that are confirmed for login. Scenarios typically include using a fingerprint or facial recognition to access a smartphone; providing a digital signature at a retail checkout; and identifying a criminal using earlobe geometry.
o The Time Factor: Time-based authentication is also used to prove a person’s identity by detecting presence at a specific time of day and granting access to a certain system or location. For example, bank customers cannot physically use their ATM card in the U.S. and then in Russia 15 minutes later. These types of logical locks can be used to help prevent many cases of online bank fraud.
o The Location Factor: Again, the ubiquity of smartphones can help ease the authentication burden. Users typically carry their phones, and all basic smartphones have GPS tracking providing credible confirmation of the login location.
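The Time and Location factors above combine into what is commonly called an "impossible travel" check. The sketch below is an added example, not part of the original article; the event fields, the sample coordinates and both thresholds are assumptions chosen for illustration.

```python
import math
from datetime import datetime

MAX_SPEED_KMH = 900.0   # assumption: about the cruising speed of an airliner
MIN_DISTANCE_KM = 50.0  # assumption: ignore GPS/IP-geolocation jitter below this

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two coordinates, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlat, dlon = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def impossible_travel(events):
    """Return (previous, current) login pairs whose implied speed is not physically plausible."""
    flagged, last_seen = [], {}
    for ev in sorted(events, key=lambda e: e["time"]):
        prev = last_seen.get(ev["user"])
        if prev is not None:
            km = haversine_km(prev["lat"], prev["lon"], ev["lat"], ev["lon"])
            hours = (ev["time"] - prev["time"]).total_seconds() / 3600
            # Two distant logins at the same instant count as infinitely fast.
            speed = km / hours if hours > 0 else math.inf
            if km >= MIN_DISTANCE_KM and speed > MAX_SPEED_KMH:
                flagged.append((prev, ev))  # candidate for step-up MFA or denial
        last_seen[ev["user"]] = ev
    return flagged

# Constructed sample events (not real data).
SAMPLE_EVENTS = [
    {"user": "alice", "time": datetime(2021, 12, 1, 12, 0), "lat": 40.7128, "lon": -74.0060},    # New York
    {"user": "alice", "time": datetime(2021, 12, 1, 12, 15), "lat": 55.7558, "lon": 37.6173},    # Moscow, 15 min later
    {"user": "bob", "time": datetime(2021, 12, 1, 9, 0), "lat": 40.7128, "lon": -74.0060},       # New York
    {"user": "bob", "time": datetime(2021, 12, 1, 12, 0), "lat": 41.8781, "lon": -87.6298},      # Chicago, 3 h later
    {"user": "carol", "time": datetime(2021, 12, 1, 8, 0, 0), "lat": 40.7128, "lon": -74.0060},
    {"user": "carol", "time": datetime(2021, 12, 1, 8, 0, 5), "lat": 40.7300, "lon": -74.0000},  # ~2 km jitter
]

if __name__ == "__main__":
    for prev, cur in impossible_travel(SAMPLE_EVENTS):
        print(f"{cur['user']}: flagged login at {cur['time']}")
```

Only the New York to Moscow pair is flagged; the three-hour trip to Chicago and the two-kilometre position jitter both pass.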
MFA Pros and Cons
MFA is proven to authenticate the identity of users and assure the integrity of their digital transactions. The downside is that users often forget the answers to the personal questions that verify their identity, and some users share personal passwords. Other benefits and disadvantages include:
Benefits:
· adds layers of security at the hardware, software and personal ID levels;
· can reduce security breaches by up to 99.9% over passwords alone;
· can be easily set up by users;
· enables businesses to opt to restrict access for time of day or location; and
· has scalable cost, as there are expensive and highly sophisticated MFA tools but also more affordable ones for small businesses.
Disadvantages:
· a phone is needed to get a text message code;
· phones can get lost or stolen;
· the biometric data calculated by MFA algorithms for personal IDs, such as thumbprints, are not always accurate and can create false positives or negatives;
· MFA verification can fail if there is a network or internet outage; and
· adding security factors to MFA further reduces ease of use for users who must remember multiple passwords.
The Future of Authentication
It’s hard to imagine anything more futuristic than a device scanning your face to authenticate you, but a new authentication technology is likely just around the corner. There’s talk around Silicon Valley of using heartbeat, gait, or even behavior for authentication in the near future. Some companies are using more practical methods of password-less authentication like magic links or codes through email and SMS.
What we do know is there will always be a need to upgrade MFA techniques to protect against the cyber criminals who work incessantly to break them.
To learn more about Multifactor Authentication and the best solution for your business, please contact Todd Gooden at email@example.com