We have touched upon the subject of multi-factor authentication a bunch lately. It has become such an important part of security hardening. Enforcing multi-layered authentication of the identity of users accessing your network is recommended so strongly now because:
- There are attackers running automated scanners across the internet, looking for networks with weak credentials.
- The knowledge being used to crack passwords is evolving rapidly. Scientific American reported on this concern earlier this year.
- The burden on legitimate end-users to constantly re-invent strong, random passcodes (now recommended to be at least 10 characters long) is bad enough. In addition, password-protecting a system that has no secondary method for confidently verifying a user makes regaining access to an account a very frustrating procedure when the password is forgotten or compromised. Remember that emailed tokens are not the most secure way of verifying a user, since email accounts can just as easily have their passwords compromised.
What makes using Multi-Factor Authentication more reliable?
The email verification system was designed on the premise that each email is unique, and it presumes that only you could have set it up. But because email accounts can be hacked, and others can assume control of them, they cannot ensure identity verification. So what, then, can reliably control identity verification?
Something You Know
With Multi-Factor Authentication, passwords are not removed as a level of user authentication, but password maintenance becomes much less burdensome, because the burden is shared with additional measures that are harder to hijack.
Something You Are
There are several elements of who you are that would be hard for an attacker to replicate. Your fingerprint, your voice, your iris: all can be used to positively identify that you are you. Now that mobile devices are equipped with fingerprint scanners, adding this level of authentication is easy to employ.
Something You Have
Examples of this can include a bank card (for bank account access), a smart phone (when only the user possesses it), a USB token… there are several ways to add this factor into the mix to help verify a user is authentic.
Somewhere You Are
This layer of credential security is not yet used often, but we may see it increase in popularity in the near future. It would be hard for a device, GPS-located in Beijing, China for instance, to come across as an authentic login into an office network operating in Scranton, Pennsylvania. It makes sense that this might become a helpful factor in user authentication.
An authentication process that includes two of these distinct factors is called two-factor authentication, and this alone can provide a better level of security to most networks. In some circumstances, however, more levels can be necessary.
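As an added illustration of how the factors above combine into a single access decision (this is example code written for this post, not code from the original article or from any product it mentions), the following Python checks a knowledge factor (a salted password hash), a possession factor (a time-based one-time code of the kind a phone authenticator app produces, computed per RFC 6238 on top of the RFC 4226 HMAC counter scheme) and a location factor (a simplified country allowlist standing in for the GPS example above). The password hash, the allowlist and the policy of "password plus at least one additional factor" are assumptions made for the example; the one-time-code secret is the published RFC 6238 reference secret, used here only so the codes are reproducible.

```python
import base64
import hashlib
import hmac
import struct

# --- Constructed demo values (assumptions for this example, not from the post) ---
PASSWORD_SALT = b"demo-salt"
PASSWORD_HASH = hashlib.pbkdf2_hmac(
    "sha256", b"correct horse battery", PASSWORD_SALT, 100_000
)
# RFC 6238 reference secret (ASCII "12345678901234567890"); a real system would
# generate a random secret per user and store it protected at rest.
TOTP_SECRET = b"12345678901234567890"
TOTP_STEP_SECONDS = 30
# Simplified "somewhere you are" policy: ISO country codes permitted to log in.
ALLOWED_COUNTRIES = {"US"}


def check_password(candidate: str) -> bool:
    """Knowledge factor: compare a salted PBKDF2 hash in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode(), PASSWORD_SALT, 100_000
    )
    return hmac.compare_digest(digest, PASSWORD_HASH)


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """Possession factor: RFC 6238 TOTP (HMAC-SHA1, 30-second steps)."""
    counter = struct.pack(">Q", unix_time // TOTP_STEP_SECONDS)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # RFC 4226 dynamic truncation
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def check_totp(secret: bytes, code: str, unix_time: int, window: int = 1) -> bool:
    """Accept the current code or one step either side to tolerate clock skew."""
    return any(
        hmac.compare_digest(totp(secret, unix_time + k * TOTP_STEP_SECONDS), code)
        for k in range(-window, window + 1)
    )


def check_location(country_code: str) -> bool:
    """Location factor: is the login arriving from a permitted country?"""
    return country_code in ALLOWED_COUNTRIES


def authenticate(password: str, code: str, country_code: str, unix_time: int):
    """Return (allowed, satisfied_factors).

    Policy (an assumption for this example): the password is always required,
    and at least one further factor from a different category must also pass.
    """
    factors = {
        "knowledge": check_password(password),
        "possession": check_totp(TOTP_SECRET, code, unix_time),
        "location": check_location(country_code),
    }
    satisfied = [name for name, ok in factors.items() if ok]
    allowed = factors["knowledge"] and len(satisfied) >= 2
    return allowed, satisfied


if __name__ == "__main__":
    # Constructed login attempt at the RFC 6238 sample time T=59.
    print(authenticate("correct horse battery", totp(TOTP_SECRET, 59), "US", 59))
    print(authenticate("correct horse battery", "000000", "CN", 59))
```

The one-time code is tied to the secret stored on the device and to the current time step, so a stolen password alone fails the `possession` check, and a valid code presented from a disallowed location with the wrong password still fails. Note that the skew window of one step each side means a code stays valid for up to 90 seconds; a production system would also remember the last accepted step to stop a code being replayed within that window.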
There is nothing in the cybersecurity universe that is totally fail-safe. We all expect that multi-factor authentication will be plagued with its own set of attacks. However, for hardening networks to the best degree, MFA is a vast improvement over previous measures. We highly recommend it.