Multi Factor Authentication (MFA)

You have probably heard of two-factor authentication and multi-factor authentication before in this article, we’re going to see what they really are, and how they improve the security of our network to access certain services we generally need to be authenticated and authentication is all about proving that you really are who you claim to be, there are three primary methods called factors to prove who you are these are known as what you are what you know, and what you have some people also likes to add where you are, and what you do to this list now this definitely sounds weird at first, but it will all make sense soon the first form of authentication that would jump to your mind is a username and password this is an example of something that you know that is only you know your password so if you enter it correctly you must be who you say you are another example of what you know is a pin that you might use when entering a secure building or withdrawing money at the bank this isn’t foolproof though what happens if someone steals your password they might guess it maybe you share it with them both of which you should be trying to prevent but even if you have an unguessable password and don’t share it a website you use might be compromised and your password could be stolen that way if you’re skeptical i guarantee that it does happen take a look at the link here for example, this site lists whether your password has been stolen from a compromised site at one time or another so the problem then is that a single factor can be too easily compromised if that happens someone else can authenticate as you what we can do then is add a factor, for example when you log on to a website it might send a code to your phone which you are then required to type in you must have the phone in your possession for this to work this is an example of what you have if someone were to compromise your password they would then also need to steal your phone it’s now a lot harder to log in as you this has been around quite for a while think of withdrawing money from the bank you need a bank card which is something you have as well as a pin which is something you know this could also be an app on your phone like google authenticator or a physical device that you carry with you called a key fob, and that’s the guts of multi-factor authentication adding security by using more than one authentication factor you’ve probably used this before and maybe you’ve not even realized it think about when you do your online banking For example, you open a web page you enter your username and password, and perhaps an account id this is the first factor of authentication the bank sends a code to your phone which you need to type in this is the second factor only you should be in possession of both login details and the phone so, you have now proven that you really are you if you would like to try this out i recommend looking at an application called duo security they have free accounts that you can use with a website like WordPress we mentioned three main factors at the start of the article are you wondering what the what you are factor is it’s basically using some sort of biosecurity that means fingerprints retina scans that sort of thing it’s essentially using some part of you to prove you are who you say you are so that means you could use all three factors in some cases use a password to log in send a code to an app on your phone, and then needing a fingerprint to unlock your phone to compromise this an attacker would need to steal your password steal your phone, and then somehow coerce you to unlock the phone for them either that or steal your finger which is a pretty grisly thought traditionally these are the three factors of authentication but some people like to consider two more the first is where you are this could be something like an access list on a firewall restricting logins to certain locations. However, that doesn’t prove your identity so I think it’s a bit of a stretch the other is what you do which has some relatively new applications this is something that you do uniquely like a signature some technologies like capture can look at details like how you move your mouse which a robot would find hard to forge once again though these are more focused on proving that you’re human rather than whom you are, and that’s how MFA works I hope you can see the benefits of using this and are keened to give it a try in my experience though the tricky bit is convincing your users.

Add Comment