What is multi-factor authentication?
Multi-factor authentication (MFA) adds an extra step (or steps) to a login process, creating an extra layer of security. Each additional step asks for another piece of information other than the password used for the initial login.
Types of MFA
There are various options for the extra layer of information used in the authentication process. These options give your company a choice to use something appropriate to the systems and technology you use and the type of business or service you provide.
The types of two-factor authentication include:
- Push notifications
- Memorable PIN or answer
- Verifiable information from a card, bill, passport, or other documentation private to the individual
- Hardware token (a small personal device that creates a One-Time Password (OTP))
- SMS & voice
- Software tokens (A piece of software on a device such as a smartphone or a computer that generates a One-Time Password)
The problem with passwords
Multi-factor authentication is becoming the new standard as many businesses and customers recognise the vulnerabilities posed by weak passwords.
Passwords are weakened when you, your team, or a customer reuses the same password for many accounts. This often occurs because we have poor memories and lots of different accounts.
Cybercriminals take advantage of this and use approaches such as credential stuffing to create brute force attacks that target thousands of accounts. Businesses and websites not using MFA are becoming targets.
Why use multi-factor authentication? What are the benefits?
By introducing multi-factor authentication, your business will have more robust security, protecting it against data breaches. Productivity, flexibility, and mobility are achievable safely, and your company will be better able to protect its reputation and avoid financial damage. Highlighting vulnerabilities and systems that are not covered by MFA forms an essential part of penetration testing.
What are the drawbacks?
Multi-factor authentication can be frustrating when paired with timed logouts. Users might become frustrated with repeatedly having to log in to tools they use frequently.
Our tip: use a password manager with MFA, and enable it whenever prompted.
How to set up MFA
Each website, tool, or app will have its own guidance for setting up MFA. If it does not, then look into more secure alternatives. To arrange pen testing or for assistance with multi-factor authentication, please contact our team.