How does it work?
MFA (Multi-Factor Authentication) is a method of authenticating a user’s access to a particular resource by providing two or more factors of verification.
The use of multiple authentication factors to prove one’s identity rests on the premise that an unauthorised actor is unlikely to be able to supply all of the factors required for access.
Multi-Factor Authentication is classified into two categories:
- Device MFA: The additional verification is enforced directly at the point of login to a device or system.
- Application MFA: The additional verification is enforced when the user attempts to gain access to one or more applications.
Factors of MFA
The most widely known factors in a multi-factor authentication scheme are:
Knowledge – Something the user knows
Knowledge factors (passwords, PINs) are the most commonly used form of authentication: the user is required to prove their knowledge of a secret. A password is a secret word or string of characters, and it is the factor that many authentication techniques rely on.
Characteristics:
- The easiest and most widely implemented factor
- Its strength depends on the user’s secret passphrase
- It can be compromised in multiple ways (social engineering, password attacks)
Possession – Something the user has
Possession factors (ID badge, security token) require a user to authenticate using something specific in their ownership. They fall into two main types:
Physical token – It consists of a physical device that is used for verification.
Connected tokens must be physically connected to the computer for authentication, whereas disconnected tokens have no connection to the client computer and generally use a built-in screen to display the generated authentication data.
Soft token – A software token is an authenticator implemented in software that is used to authorise a user’s access. Software tokens are stored on general-purpose electronic devices such as laptops and mobile phones, making them accessible and affordable to implement.
Characteristics:
- Provides a strong layer of security, since it requires physical access to the factor
- The cost to implement can be high, depending on the type of token
- It can be compromised if the user misplaces their token
Inherence – Something the user is
Inherence factors (fingerprints, eye scans) identify authorised users by their unique physical characteristics. The criteria for assessing whether a trait is suitable for biometric authentication are:
- Universality – Every user in the system should possess the trait
- Uniqueness – The trait should differ sufficiently between users that one can be distinguished from another
- Measurability – The trait should be easy to acquire or measure in a form that permits subsequent processing and extraction of the relevant feature sets
- Permanence – A trait with ‘good’ permanence stays reasonably invariant over time with respect to the specific matching algorithm
Characteristics:
- Provides a strong layer of security that only a registered user can pass
- Difficult to spoof, and convenient because the biometric is always with the user
- Requires a secure storage solution, as leaked biometric data raises privacy concerns
Importance of MFA
A. It provides multiple layers of security
With two-factor authentication (2FA) as the baseline, MFA adds further verification steps on top of it.
Organisations can set a security policy requiring employees to verify their identity using a password plus an OTP (One Time Password) generated by a mobile application such as Google Authenticator or Microsoft Authenticator.
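To make the password-plus-OTP policy above concrete, and to show what the soft token from the Possession section actually computes, the following is an added example (it is not SecurDI's code and not taken from this article). It checks a knowledge factor (a salted PBKDF2 password hash) and a possession factor (a TOTP code as defined in RFC 6238 on top of RFC 4226 HOTP, the scheme Google Authenticator and Microsoft Authenticator implement for standard OTP enrolments). The user-record layout, the iteration count, the sample password and the use of the RFC 6238 test-vector key as the shared secret are all assumptions made for illustration.

```python
"""Two-factor login check: knowledge factor (password) plus possession factor (TOTP).

Added example, not SecurDI's code. The user record layout and the
constructed sample secrets are assumptions for illustration only.
"""
import base64
import hashlib
import hmac
import os
import struct

PBKDF2_ITERATIONS = 200_000  # assumption: tune to the deployment's hardware budget


# ---- Knowledge factor: salted, deliberately slow password hash ----------------
def hash_password(password, salt=None, iterations=PBKDF2_ITERATIONS):
    """Return (salt, pbkdf2_sha256_digest); a fresh random salt is generated when none is given."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, digest


def verify_password(password, salt, stored_digest, iterations=PBKDF2_ITERATIONS):
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, stored_digest)  # constant-time comparison


# ---- Possession factor: TOTP (RFC 6238) built on HOTP (RFC 4226) --------------
def hotp(secret, counter, digits=6):
    """HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret, unix_time, step=30, digits=6):
    """TOTP is HOTP with the counter derived from the current 30-second time step."""
    return hotp(secret, int(unix_time // step), digits)


def match_totp(secret, candidate, unix_time, window=1, step=30, digits=6):
    """Return the time-step counter whose code equals `candidate`, or None.

    `window` tolerates a small clock drift between the phone and the server.
    The loop always runs to completion so timing does not reveal which step matched.
    """
    current = int(unix_time // step)
    matched = None
    for delta in range(-window, window + 1):
        counter = current + delta
        if hmac.compare_digest(hotp(secret, counter, digits), candidate):
            matched = counter
    return matched


# ---- Combined check ---------------------------------------------------------
def login(user, password, otp, unix_time):
    """Both factors are always evaluated; each OTP counter may be accepted only once (replay guard)."""
    pw_ok = verify_password(password, user["salt"], user["pw_digest"])
    counter = match_totp(user["totp_secret"], otp, unix_time)
    otp_ok = counter is not None and counter > user["last_totp_counter"]
    if pw_ok and otp_ok:
        user["last_totp_counter"] = counter  # remember the step so the same code is rejected later
        return True
    return False


def make_demo_user():
    """Constructed sample record; the TOTP secret is the RFC 6238 test-vector key."""
    salt, digest = hash_password("correct horse battery staple")
    return {
        "salt": salt,
        "pw_digest": digest,
        "totp_secret": b"12345678901234567890",
        "last_totp_counter": -1,
    }


def provisioning_secret(secret):
    """Base32 form of the shared secret, which is what authenticator apps are enrolled with."""
    return base64.b32encode(secret).decode("ascii")


if __name__ == "__main__":
    user = make_demo_user()
    print("enrol the app with:", provisioning_secret(user["totp_secret"]))
    print("code at t=59:", totp(user["totp_secret"], 59))
    print("first login:", login(user, "correct horse battery staple", "287082", 59))
    print("replayed code:", login(user, "correct horse battery staple", "287082", 59))
```

Two design points matter for a deployment of this pattern: the server must store the TOTP secret as a secret (it is equivalent to the user's token), and the replay guard is what stops a code captured in transit from being reused within the acceptance window; without it, the ±1 step window would give a captured code up to ninety seconds of validity.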
B. Improved security with ease of implementation
Multi-factor authentication does not disrupt the rest of an organisation’s or institution’s IT environment. With an intuitive user experience, users can set it up quickly with little to no effort.
C. Meeting regulatory compliance requirements
Implementing MFA can be a key requirement when it comes to complying with certain industry regulations.
The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organisations that handle branded credit cards from the major card schemes.
From its earliest versions, the PCI DSS has required MFA to be implemented for remote access to the Cardholder Data Environment (CDE).
D. It works with Single Sign-On (SSO) solutions
Single sign-on (SSO) is an authentication scheme that allows a user to log in with a single ID and password to any of several related, yet independent, software systems.
Industry-standard MFA products integrate with SSO solutions. Adding a secondary authentication step to SSO confirms the user’s identity and removes the risk of data loss caused by a misplaced password. This saves time while enhancing the security of the organisation.
E. It adds advanced security, even through remote access
The rise in password theft through phishing, keylogging, and pharming has raised concerns for organisations across the globe, especially with the growth of remote work.
These concerns can be addressed through the implementation of MFA.
For example, even if a user’s password is stolen, the user would still receive a prompt to confirm the secondary authentication, and the login cannot complete without it. This helps prevent data loss.
How can SecurDI help?
SecurDI brings more than a decade of professional experience not only in designing and implementing robust MFA solutions, but also in leveraging risk-based multi-factor authentication to ensure a seamless end-user experience without compromising on security. We will work alongside you to solve your business needs and become your trusted advisor, ensuring you secure your cyber investments.
– Authored by SM Team
Pic Credits – Business photo created by rawpixel.com – www.freepik.com