What Is Multi-Factor Authentication?
Editor’s Note: This article was published in 2017 and has been updated for accuracy and comprehensiveness as of October 2020.
In this blog, we take identity management a step further by introducing the concept of Multi-Factor Authentication (MFA), or Two-Factor Authentication (2FA). Multi-Factor Authentication simply means using a combination of something you know, a second device or object you own, and a physical verification of your identity.
Your password is generally the first piece of your Multi-Factor Authentication solution (if you haven’t already, read about how to make a strong password). A physical verification would be a fingerprint or facial recognition. Examples of a second device are a key fob or an SD card. In short, the core of Multi-Factor Authentication is the act of using two or more of these to prove that it’s really you.
Why Multi-Factor Authentication?
MFA does make logging in slower and more complicated. Plus, if you cut your finger or don’t have your phone on you, you can’t log in. But the hacker who stole your password can’t either. They may have your password, but when challenged for the second piece of the MFA, they can’t continue. In some cases, your account will inform you of a failed attempt, so you know someone else is trying to get in and you can change your password without a breach occurring.
Moral of the story? Always turn on Multi-Factor Authentication if it’s available. To reduce the complexity, you can extend your company’s local security domain (typically Active Directory) to cloud services that will ask for another authentication method. These tools centralize the management of your identity and reduce the number of passwords to remember, making it easier to follow good password policies.
Don’t be researchable.
In addition to Multi-Factor Authentication, some sites and applications use challenge questions. Typical challenge questions are:
- Where did you go to high school?
- What was the first car you owned?
- Mother’s maiden name?
Never use answers that can be verified easily, because social media is a treasure trove of information for hackers. How hard is it to find out where you went to high school? We recommend treating the challenge question fields like passwords: enter long (16 characters), non-dictionary, complex entries. These challenge questions, used in conjunction with your password, are a weak substitute for physical or second-device options. Remember, Multi-Factor is a combination of two or all three authentication methods: something you know, something you have, and something you are.
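One way to put the challenge-question advice into practice is sketched below as an added example (not code from the original article): it checks an answer against the 16-character, non-dictionary, complex guideline and generates a separate random answer for each question. The function names, the symbol set and the short word list are assumptions made up for this illustration.

```python
import secrets
import string

MIN_LENGTH = 16  # length the article recommends
# Constructed sample word list; a real check would load a full dictionary file.
COMMON_WORDS = {"password", "central", "mustang", "smith", "lincoln"}
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, "!@#$%^&*-_=+")  # symbol set is an assumption


def policy_problems(answer, already_used=()):
    """Return the reasons an answer fails the article's guideline."""
    problems = []
    if len(answer) < MIN_LENGTH:
        problems.append("shorter than 16 characters")
    if any(not any(ch in cls for ch in answer) for cls in CLASSES):
        problems.append("missing a character class")
    lowered = answer.lower()
    if any(word in lowered for word in COMMON_WORDS):
        problems.append("contains a dictionary word")
    if answer in already_used:
        problems.append("reused for another question")
    return problems


def random_answer(length=MIN_LENGTH):
    """Generate a random answer that passes policy_problems()."""
    if length < MIN_LENGTH:
        raise ValueError("length must be at least 16")
    alphabet = "".join(CLASSES)
    while True:
        # secrets uses the OS CSPRNG, unlike the random module
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not policy_problems(candidate):
            return candidate


def answers_for(questions):
    """Give every challenge question its own unrelated random answer."""
    result = {}
    for question in questions:
        answer = random_answer()
        while policy_problems(answer, already_used=result.values()):
            answer = random_answer()
        result[question] = answer
    return result
```

Because the generated answers have nothing to do with the questions, each one has to be recorded alongside the account's password; it cannot be recalled from memory.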
Below is a summary of what we’ve learned in the last couple of weeks:
- Change your password regularly
- Use unique passwords between systems, applications, and sites
- Implement complexity (long – 16 characters, non-dictionary, complex entries)
- Turn on Multi-Factor Authentication when available
- Centralize Identity Management when possible
- Integrate Active Directory
With all the breaches over the last few years, the likelihood that at least one of your accounts has been compromised is high. Adding Multi-Factor Authentication can greatly reduce the risk of compromise. For more security tips from Twin Cities managed services provider, SUCCESS Computer Consulting, contact us at 763-593-3000.