What is Multi-Factor Authentication?
Multi-factor authentication, otherwise known as MFA, is a security technology that requires multiple methods of authentication to verify a user’s identity for a login or other transaction. This takes security to the next level and prevents hackers or anyone attempting to access your information from simply guessing a password, or bypassing uncomplicated security measures. Multi-factor authentication combines two or more independent credentials:
- what the user knows, such as a password or security question
- what the user has, such as a security token (work badge, car key fob, etc.)
- what the user is, by using biometric verification methods (fingerprints, face ID, etc.)
The purpose of MFA is to create a layered defense that makes it much more difficult for an unauthorized person to access a target, such as a physical location, computing device, network or database. If one factor is compromised, the attacker still has at least one or more barriers to breach before successfully breaking in.
Previously, multi-factor authentication systems simply relied on two-factor authentication (2FA). However, now some systems are using even more credentials, noting that their security has greatly improved with every added step. Increasingly, vendors are using the label multi-factor to describe any authentication scheme that requires two or more identity credentials, in hopes of decreasing the possibility of a cyber attack. As more websites and companies are noting the benefits of multi-factor authentication, its popularity is growing immensely.
Why is it important?
The biggest shortcoming of traditional user ID and password logins is that both IDs and passwords can be easily guessed or compromised, potentially costing organizations thousands or even millions of dollars. This simple log-in criteria has been around for a considerable time, and hackers have learned and developed numerous methods for system access. Multi-factor authentication is a major key to strengthening your security, and stopping unwelcome intruders in their tracks.
Multi-factor authentication methods
An authentication factor is a category of credential used for identity verification. For MFA, each additional factor is intended to increase the assurance that the entity requesting access to a system is who — or what — they say they are. The use of multiple forms of authentication can help to make a hacker’s job more difficult.
The three most common categories of authentication factors are described as something you know (the knowledge factor), something you have (the possession factor), and something you are (the inherence factor). By combining two or more factors from these three categories, you now are utilizing MFA.
Knowledge factor
Knowledge-based authentication typically requires the user to answer a personal security question. Knowledge factor technologies generally include passwords, four-digit personal identification numbers (PINs) and one-time passwords (OTPs). Typical user scenarios include the following:
- answering a previously submitted security question, such as favorite tv show or mother’s maiden name
- swiping a debit card and entering a PIN at the grocery checkout
- downloading a virtual private network client with a valid digital certificate and logging in to the VPN before gaining access to a network
Possession factor
For this particular credential, users must have something specific in their possession in order to log in. This can include a badge, token, key fob or phone subscriber identity module (SIM) card. For mobile authentication, a smartphone often provides the possession factor in conjunction with an OTP (one-time password) app. Possession factor technologies include the following:
- A badge or card such as as work badge that gains access to restricted areas
- Car key fobs that are unique to a specific vehicle/owner
- Security tokens; small hardware devices that store a user’s personal information and are used to authenticate that person’s identity electronically. The device may be a smart card, an embedded chip in an object, such as a Universal Serial Bus (USB) drive, or a wireless tag.
- A software-based security token application generates a single-use login PIN. Soft tokens are often used for mobile multi-factor authentication, in which the device itself – such as a smartphone — provides the possession factor authentication.
- Mobile authentication, where users receive a one-time code via their smartphone to gain or grant access — variations include text messages, emails and phone calls sent to a user as an out-of-band method, smartphone OTP apps, SIM cards and smart cards with stored authentication data
Inherence factor
This credential is quite hard to fake, and is used in situations where strict access is imperative. Any biological traits the user has that are confirmed for login. Inherence factor technologies include the following Biometric verification methods:
- Retina or iris scan
- Fingerprint scan
- Voice authentication
- Hand geometry
- Digital signature scanners
- Facial recognition/Face ID
- Earlobe geometry
Biometric device components include a reader, a database and software to convert the scanned biometric data into a standardized digital format and to compare match points of the observed data with stored data.
Typical inherence factor scenarios include the following:
- using a fingerprint or facial recognition to access a smartphone;
- providing a digital signature at a retail checkout; and
- identifying a criminal using earlobe geometry.
How ComRes can help
In today’s world of technology, neglecting to apply strict online security can result in not only a data loss, but a monetary loss as well. Protecting your files is the modern-day lock on your front door; without the proper precautions, you are opening yourself up to losing everything you have worked so hard for. Implementing multi-factor authentication is just one step of many that can help to ensure that you will not suffer an unfortunate loss at the hands of a hacker or bad actor.
When it comes to ensuring your company or data’s security, it is important to research your options when it comes to multi-factor authentication. Since there are endless ways to go about implementing MFA, we suggest contacting a reputable company such as ComRes for all of your technological needs. Call us today at 954-462-9600 or fill out our online form to receive more information on how we can help your business technology thrive, maximize your potential, and protect your data to the fullest!