In Verizon’s 2018 breach investigation report, over 65% of network intrusions were a result of hacking or social engineering attacks. So what can businesses do to protect against hackers’ attempts at accessing their data?
When it comes to best-practices for online security,
two-factor authentication (2FA) and multi-factor authentication (MFA) are
always brought to the fold. As time goes by, online service providers are
increasingly recognising the importance of ensuring a higher level of security
for their online accounts. 2FA and MFA add additional levels of user
verification during the login process, making a hacker’s life much more
complicated in order to successfully gain access.
all this talk of 2FA and MFA, it’s crucial to understand the concept behind an
authentication factor. By definition, an authentication factor is a category of
methods used to verify a user’s identity and credentials when requesting system
access. They’re there to make sure the user is who they say they are.
usernames and passwords fall under the same factor, they form a single-factor
authentication (SFA) when combined. In general, authentication factors are
usually split into three categories: knowledge, possession and inherence
factors. There are additional categories, however most online accounts make use
of these three:
- A knowledge
authentication factor includes information only a user should know
(i.e username, password)
- A possession authentication factor includes credentials retried from
a user’s physical possession, such as a hardware device (i.e. security token,
mobile authenticators etc.)
- An inherence
authentication factor includes a user’s identifiable biometric characteristic
(i.e. fingerprint, voice, iris scan)
on the categories described, single-factor authentication requires credentials
from only one category. Meanwhile, two-factor authentication involves two, so
for example a username + password and a security token. Finally, multi-factor
authentication requires credentials from at least two or more categories,
meaning another authentication factor such as fingerprint recognition could be
added in addition to the 2FA.
example, Microsoft’s Multi-Factor Authentication (MFA) requires the use of more
than one verification method and adds a second layer of security to user
sign-ins and identity transactions. With MFA in place, hackers do not have
access to the second-factor device to login. The end user experience
can be improved by not prompting a second factor when they are on a
trusted network or using a domain joined PC.
as user identity theft continually evolves through the latest types of attacks,
MFA continuously improves user security and meets stronger security policies,
which are required today.
authentication and multi-factor authentication definitely improve the level of
security on all your online accounts. However, strong policies requiring
complex passwords and changing them regularly should not be forgone when
implementing 2FA or MFA.
At BMIT we can help in enabling multi-factor authentication, and a range of other security features, across your organisation. Talk to us.