What is MFA


Multi-Factor Authentication

We use passwords online for everything: to get into our bank accounts or to access streaming services. You’ve also likely fallen victim to your passwords being used without your authorization. If not you, someone you know likely has. By and large, poor password practices, social engineering, and man-in-the-middle (MIM) attacks are responsible.

One of the main reasons that passwords are so easily hackable is that most passwords are static. Rarely do users change their passwords regularly. If you’re not used to regularly changing your passwords, one way to prevent your information from being accessed by unauthorized accounts is to employ multi-factor authentication techniques.

Multi-factor authentication (MFA) is an extremely powerful tool for keeping your online information safe. The most common type of MFA tool used by consumers is the Google Authenticator app. Ironic considering how often I speak of Google’s invasion of privacy. However, I do have to give credit where credit is due. Google Authenticator truly is a great tool for protecting your information.

The app works from a secret that is generated once and then stored on the phone and a remote server. The secret is useless on its own as it does not get transmitted after initial setup. That secret is used to generate a 6-digit number which is bound by a countdown timer. The generated number is valid for only a short amount of time (typically 30 seconds). This is a deterministic algorithm, so the server can also generate the same number at that time. Hence, it can validate whether or not a user has access to the phone.

There are several other phrases and variations used in regard to this practice. Other phrases used include one-time password (OTP) or two-factor authentication (2FA). Each typically works when a user gets sent a one-time text code to use as a second form of authentication in tandem with their password. It should be noted that there are general differences between these forms of authentication. For example, 2FA falls under the MFA umbrella. While authentication via OTP also falls under the MFA umbrella, it does use different dependencies to authenticate online activity.

In terms of ease of use for a multi-factor authentication app, Google Authenticator or Microsoft Authenticator are great choices. Both applications use the same algorithm and provide a straightforward way to authenticate your log-ins.

Advantages

There are a few advantages to using an MFA tool. One is that no transfer of the actual code happens after initial setup. It is only exposed to a man-in-the-middle (MIM) attack during initial setup, which reduces the probability of interception.

A one-time password is extremely difficult to guess. This reduces your risk of passwords or login information being compromised by outside sources. Many user accounts are easily accessible; using multi-factor authentication is a straightforward way to reduce your own risk of your passwords being stolen. MFA helps overcome the issue of generating complex-enough passwords to keep security in check, as well as avoiding the easy-to-remember passwords that people tend to gravitate to.

In general, the more passwords that we are required to remember to gain access, the more likely we are to forget some of them. This, in turn, leads to overburdening IT teams with password resets.

Access requests in the workplace also benefit from MFA techniques. Implementation of significant controls can be put in place in order to secure sensitive and critical workplace information.

Disadvantages

While the advantages tend to outweigh the disadvantages, there are a couple of drawbacks worth noting (and no, it’s not that one of the best authenticator apps is made by Google).

One of the major drawbacks to using an MFA tool to access your accounts is that you might lose access to your accounts entirely if your phone gets lost. The information needed to gain access is stored specifically on the device that houses the authentication tool. To that end, it will be difficult to regain access if you do happen to lose your device altogether. You’ll not only have lost your phone but you’ll be locked out of common websites you regularly use.

In addition, for users who aren’t used to added levels of security, multi-factor authentication can pose somewhat of a tricky adjustment to the login process. For those who aren’t used to configuration or use of such processes, adding this technique might add additional stress or work for user support or a company’s helpdesk.

If an application used by an organization goes down, productivity can be halted. Users won’t be able to access necessary working applications until things get back up and running.

Factoring in Privacy

Usernames and passwords aren’t eliminated from the equation. MFA tools simply provide an added layer of security where usernames and passwords fail. Authentication techniques help keep sensitive information safe from prying eyes.

For companies, a combination of elements is used to authenticate users, such as security question answers, one-time passcode emails or texts, or biometric data. Login risk can also be calculated in a number of ways, such as:

  • Where is the user attempting to log in from?
  • Is information being accessed during normal hours?
  • Which device is attempting authentication?

These checks confirm whether or not any login activity is deemed unusual and will require progressive authentication checks.

Compromised passwords can cause a world of pain and stress. Rightfully so. Think of the amount of data contained within our personal or work computers. By not taking proper precautions, you’re leaving said information susceptible to attack.

Data breaches are an all-too-common occurrence. One way in which we can help prevent them is to employ multi-factor authentication techniques. Whether you’re logging into your bank account, accessing your healthcare records, or simply logging in to send a personal email, your sensitive information is at risk of being taken.

Enhancing security is of utmost importance in today’s digital age. Whether it’s through a time-based token or biometric data, multi-factor authentication is one surefire layer to add in order to keep your information safe.