Amiram Pinto of NICE introduces us to multi-factor authentication (MFA) and how it can tighten up security in your organization.
The password: it is arguably the most popular and most common security measure available, and often it is also the most vulnerable. It seems like every other news cycle contains a story about a data breach and millions of compromised passwords. And what is the response of most organizations in the event or threat of a data breach? It is to change user passwords.
But the password has a lot of shortcomings. For starters, passwords do not provide a strong enough verification of identity. Anyone who gets hold of the password can simply unlock an account and do as they wish once access is granted.
In addition, the security of the account is based solely on the strength of the password, which, as we all know, is usually not strong enough. Nobody remembers a string of characters containing uppercase, lowercase, numeric, and special characters. Users want something simple and easy to remember. The dark flipside to that coin, however, is that it unwittingly makes the account very easy to hack.
This is why organizations are adopting MFA to supplement the password as a means of access control, or in some cases, as an actual alternative to passwords.
What Is Multi-Factor Authentication?
MFA is a security enhancement that verifies a user’s identity by requiring two or more pieces of evidence when logging into or accessing an account. So, end users must present at least two forms of identity verification before logging in.
The goal of MFA is to create a layered defence and make it more difficult for an unauthorized person to access a target such as a physical location, computing device, network, or database. If one factor is compromised or hacked, the attacker still has at least one more barrier to breach before successfully gaining access to the target.
In the past, MFA systems typically relied upon two-factor authentication. Increasingly, vendors are using the label “multi-factor” to describe any authentication scheme that requires more than one identity credential.
What Factors Are Actually Involved in a Multi-Factor Authentication Process?
To be granted access to an account protected by multi-factor authentication, users must combine verification factors from at least three different groups instead of just a single password. These groups are:
1. Something You Know
This is usually a password, PIN, passphrase, or questions and their corresponding answers. In order to successfully authenticate using this factor, the user must enter information that the system can then match against what was previously set up or stored.
2. Something You Have
Before smartphones became commonplace in the business landscape, users would carry around tokens or smartcards. These devices would generate a one-time-use code that could then be typed or entered into the system. Today, most businesses use smartphones as the device that generates these codes, or that responds to a server with a one-time-use code behind the scenes.
3. Something You Are
These are biometric traits, and include anything such as fingerprints, retina scans, facial recognition, voice biometrics, or a user’s behaviour (such as how hard or fast they type, move a mouse, or swipe on a screen) that can be used to identify a unique user.
With multi-factor authentication, security is strengthened because users are required to enter not only a password, but also another authentication factor—something that would be much harder for hackers to steal.
A Vital Element of Cybersecurity
Increasingly, many organizations are recognizing the threat of data breaches. The frequency and scope of these breaches continue to rise, which is one of the reasons why cybersecurity has become a top priority for many organizations, especially with the rise of cloud communications. To address this concern head-on, the majority of organizations have turned to and are implementing MFA.
In fact, the multi-factor authentication market is expected to reach $12.5 billion by 2022. This shows that a lot of organizations think that MFA is, right now, one of the best security measures that can be implemented to protect your company, users, and sensitive data.
Multi-factor authentication provides a layer of protection for both employees and customers against hackers, scammers, and thieves. It mitigates the ripple effect of compromised credentials: a hacker may steal a username and password, but if they’re prompted for another factor before they can access critical data, make a transaction, or log into a system, they’re stopped cold.
So, it’s all about adding factors. But how an MFA solution is implemented is just as important as the credentials it’s asking to validate. A good multi-factor authentication method combines two or more factors in a convenient way. The usability of the implementation must always be the first consideration when installing a multi-factor authentication system.
Why? Because nobody can be expected to remember a 16-digit password with special characters, answer a question about their third-grade teacher’s favourite pet, then input a one-time password generated by an app, and finally type in arbitrary text while wiggling the mouse to determine their behaviour pattern.
A good multi-factor method should be just as simple and convenient to use as the original computer-based authentication method: the password.
Even when applying multi-factor authentication, organizations can still stay focused on customer experience. The good news is that multi-factor authentication can be seamless. It’s just a matter of choosing the right authentication methods.