Multi-factor Authentication (MFA, also known as 2FA) is an authentication method that requires the user to provide two or more verification factors to gain access to a resource such as an application or an online account. MFA is a core component of a strong identity and access management (IAM) policy. Rather than just asking for a username and password, MFA requires one or more additional verification factors, which decreases the likelihood of a successful cyber-attack.
Why is MFA Important?
The main benefit of MFA is that it enhances your organization’s security by requiring your users to identify themselves with more than a username and password. While important, usernames and passwords are vulnerable to brute force attacks and can be stolen by third parties. Enforcing the use of an MFA factor like a thumbprint or physical hardware key means increased confidence that your organization will stay safe from cyber criminals.
How Does MFA work?
MFA works by requiring additional verification information (factors). One of the most common MFA factors that users encounter is the one-time password (OTP). OTPs are the 4-8 digit codes that you often receive via email, SMS or some sort of mobile app. With OTPs, a new code is generated periodically or each time an authentication request is submitted.
Other Types of Multi-Factor Authentication
As MFA integrates machine learning and artificial intelligence (AI), authentication methods become more sophisticated, including:
Location-based MFA usually looks at a user’s IP address and, if possible, their geolocation. This information can be used simply to block a user’s access if their location does not match what is specified on a whitelist, or it can be used as an additional form of authentication alongside other factors such as a password or OTP to confirm that user’s identity.
Adaptive Authentication or Risk-Based Authentication
Another subset of MFA is Adaptive Authentication, also referred to as Risk-based Authentication. Adaptive Authentication analyses additional factors by considering context and behaviour when authenticating, and often uses these values to assign a level of risk to the login attempt. For example:
- Where is the user when trying to access information?
- When is the user trying to access company information? During their normal hours or during “off hours”?
- What kind of device is used? Is it the same one used yesterday?
- Is the connection via private network or a public network?
The risk level is calculated based upon how these questions are answered and can be used to determine whether or not a user will be prompted for an additional authentication factor or whether or not they will even be allowed to log in. Thus another term used to describe this type of authentication is risk-based authentication.
With Adaptive Authentication in place, a user logging in from a cafe late at night, an activity they do not normally do, might be required to enter a code texted to their phone in addition to providing their username and password. By contrast, when they log in from the office every day at 9 am, they are simply prompted to provide their username and password.
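The risk calculation described above, written out as an added example (it is not code from the original article or from any vendor's product). The weights, thresholds, field names and sample logins are all assumptions chosen for illustration, and location is simplified to a country code.

```python
from dataclasses import dataclass
from datetime import time

# Weights and thresholds are illustrative assumptions, not vendor values.
ALLOW, STEP_UP, DENY = "allow", "step_up", "deny"

@dataclass
class UserProfile:          # what is "normal" for this user
    usual_countries: set
    work_start: time
    work_end: time
    known_devices: set
    trusted_networks: set   # e.g. office LAN or corporate VPN

@dataclass
class LoginAttempt:         # context collected at login time
    country: str
    local_time: time
    device_id: str
    network: str

def risk_score(profile, attempt):
    """Score the four context questions; return (score, reasons)."""
    in_hours = profile.work_start <= attempt.local_time <= profile.work_end
    signals = [
        (attempt.country not in profile.usual_countries, 40, "unusual location"),
        (not in_hours, 20, "off hours"),
        (attempt.device_id not in profile.known_devices, 30, "unrecognised device"),
        (attempt.network not in profile.trusted_networks, 20, "public or unknown network"),
    ]
    reasons = [why for hit, _, why in signals if hit]
    return sum(weight for hit, weight, _ in signals if hit), reasons

def decide(profile, attempt, step_up_at=20, deny_at=80):
    """Map the score to allow / ask for another factor / refuse the login."""
    score, reasons = risk_score(profile, attempt)
    if score >= deny_at:
        return DENY, score, reasons
    if score >= step_up_at:
        return STEP_UP, score, reasons
    return ALLOW, score, reasons

# Constructed sample data: one user and three login attempts.
ALICE = UserProfile({"GB"}, time(8, 0), time(18, 0), {"laptop-01"}, {"office-lan"})
OFFICE_9AM = LoginAttempt("GB", time(9, 0), "laptop-01", "office-lan")
CAFE_LATE = LoginAttempt("GB", time(23, 30), "laptop-01", "cafe-wifi")
ALL_UNUSUAL = LoginAttempt("ZZ", time(3, 0), "unknown-device", "cafe-wifi")

if __name__ == "__main__":
    for name, attempt in [("office 9am", OFFICE_9AM), ("cafe late", CAFE_LATE),
                          ("all unusual", ALL_UNUSUAL)]:
        print(name, decide(ALICE, attempt))
```

The office login scores 0 and needs only the password, the late-night cafe login crosses the step-up threshold and triggers an extra factor, and a login that is unusual on every question is refused.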
Cyber criminals spend their lives trying to steal your information and an effective and enforced MFA strategy is your first line of defence against them. An effective data security plan will save your organization time and money in the future.
What’s the Difference between MFA and Two-Factor Authentication (2FA)?
MFA is often used interchangeably with two-factor authentication (2FA). 2FA is basically a subset of MFA since 2FA restricts the number of factors that are required to only two factors, while MFA can be two or more.
What is MFA in Cloud Computing?
With the advent of Cloud Computing, MFA has become even more necessary. As companies move their systems to the cloud, they can no longer rely upon a user being physically on the same network as a system as a security factor. Additional security needs to be put into place to ensure that those accessing the systems are not bad actors. As users are accessing these systems anytime and from anyplace, MFA can help ensure that they are who they say they are by prompting for additional authentication factors that are more difficult for hackers to imitate or to crack using brute force methods.
MFA for Office 365
Many cloud-based systems provide their own MFA offerings, such as Microsoft’s Office 365 product. Office 365 by default uses Azure Active Directory (AD) as its authentication system.
Many businesses will see MFA or 2FA as a pain; however, Three Cherries recommend using MFA as one of many good practices to help prevent cyber-attacks and protect your business. If you are unsure whether your business is benefitting from this technique, contact the Three Cherries team on 0117 930 0333.