
Business in the 5th domain – MFA

Updated: Sep 6, 2022

Multi Factor Authentication (MFA/2FA)

Dr Craig Valli and Dr Ian Martinus

There are various ways to steal passwords or gain access, including phishing attacks, brute force attacks, web app attacks, point of sale intrusions and even stolen or resold hardware. One of the countermeasures to password weakness is the use of Multi-Factor Authentication (MFA). As the name implies, multiple factors are used to authenticate, that is, to prove to a system that you are who you claim to be. These factors can be broken into 3 general groupings:

  1. Something you are – often referred to as a biometric, e.g. fingerprint, facial recognition

  2. Something you know – a password, a reply to a question

  3. Something you have – a hard token, or a software authenticator token you enter (Google, Microsoft, etc.)

MFA provides another layer of protection for both employees and customers that addresses all of the weaknesses of having passwords as your only method of authentication.

MFA also enables porosity and mobility, which is increasingly desirable and applicable in the current COVID-inspired transition to remote working. By using MFA to log into your network remotely via VPN or to access systems in the cloud, your employees get the flexibility of working remotely and your business gets the extra assurance that the correct people are accessing your critical systems.

MFA is increasingly becoming a key requirement when it comes to complying with certain industry or legal regulations. An obvious example is in finance and banking, where PCI-DSS requires that MFA be used in certain scenarios to prevent theft and fraud when transacting.

Protecting your business with MFA

You need a secured “authenticating” device

You typically need a mobile phone, tablet or computer capable of running an authenticator app. There are several advantages to using these. First, you do not have a preponderance of hardware tokens or applications you need to remember; they are stored in the one place. Secondly, you should be using MFA to log in to your authenticating device… yes, PIN and fingerprint/facial recognition. Remember, these are literally the keys to your digital kingdom. On some platforms you can require a further PIN to use the individual app; enable this where you can for your sensitive apps.

Most competent online social media platforms now allow you to enable MFA. This prevents hijacking of your accounts. We recommend that if your platform does not offer MFA, you consider dumping it.

You should make it your business policy that MFA should be used on pretty much all systems that can use it: phones, tablets and computers. Yes, even on your desktop/laptop computers in your workspaces.

Why? It prevents malicious insiders or inquiring children from getting access to a worker's account. A decent USB fingerprint reader costs around $70-100 and is the perfect MFA foil for the cyber drive-by or access of your device. Remember to make sure you back up the codes or anything else the system prompts you to back up when installing.
