Posted A Guide to Multi-Factor Authentication on Blog
Today, computers and smart devices are inexpensive enough that we can own many of them: smartphones, laptops, tablets, and even wearable micro devices. Our work and private lives demand portability. This, along with a trend towards moving enterprise servers into the cloud, makes secure user authentication even more imperative…and tricky. That brings us to multi-factor authentication (MFA), what it means, and how it is achieved.
What Is Multi-Factor Authentication?
The goal of multi-factor authentication is to create a layered defense of two or more independent credentials: what you know (password), what you have (security token), and what you are (biometric verification). Requiring multiple factors to authenticate a user makes it more difficult for an unauthorized person to gain access to computers, mobile devices, physical locations, networks, or databases; each successive layer should help protect where other layers may be weak.
Multi-factor authentication is becoming more common, particularly in the financial industry, and is advancing to include retina and fingerprint scanning, voice recognition, and even facial recognition.
How Does Multi-Factor Authentication Add Security Benefits?
If only it were possible to develop a single method of authentication that was 100 percent accurate and could not be hacked, we wouldn’t need multi-factor authentication. But passwords can be seen, overheard, guessed, or bypassed; a token can be lost or stolen; and an identical twin or a photograph may even fool biometric recognition systems. This is why multi-factor authentication is currently very important to account security.
The concept of security using multi-factor authentication is that, while there may be a weakness in one authentication factor—say, a stolen password or PIN—the strength of a second or third factor would compensate to provide proper authorization for access.
What Multi-Factor Authentication Options Are Available for Mobile Devices?
Applications are available which generate one-time passwords in the same way that security tokens have operated in the past. The one-time password is generated and sent to the mobile device using a time-based SMS.
Using a smartphone or tablet eliminates the need for a user to keep track of a token, and companies incur less cost replacing lost tokens, activating tokens for new employees, or deactivating tokens when an employee leaves.
Top smartphone manufacturers understand that security is a growing customer concern and have also started offering biometric authentication to ensure that only the authorized user can access the device. Each of these techniques has advantages and disadvantages.
Mar 07 2018, 9:10 AM