MFA

Best Security Approach to Protect Yourself and Your Data

What is MFA

It’s a method that requires users to provide more than two verification factors to gain access to your resources, besides just asking for a username and password. MFA is a part of Identity and Access control.

MFA stands for Multi-Factor Authentication. It is a 2nd-factor authentication beside your username and password, where the username and password are considered the 1st Factor and MFA the 2nd Factor. This means that if your 1st Factor is compromised, attackers have a more challenging time attacking your content since they don’t have the 2nd Factor.

Having said that, with 2nd Factor, nothing is 100%. The 2nd Factor can be easily compromised if you don’t take precautions to protect it. Your 1st Factor (username and password) can also be compromised if you don’t protect it.

For Example:

You should protect your 1st Factor (username and password) by making it hard enough that it cannot be broken. What I mean by hard enough is that you have to make your password long, with a minimum of 10 characters, including uppercase, lowercase, symbols, and numbers. This is similar to when you are trying to log in to Google for the first time: Google login prompts you for a complex password. You can even use a password generator to create a password for you, or use a password manager. We have another article about password managers. Password managers have password generators and vaults to keep your passwords safe. LastPass is an example of a password vault and generator.

You also need to use some form of antivirus to protect your system from being compromised. We have an article related to various corporations providing antivirus.

Next, you have to have encryption in your workstation to encrypt the data and encryption keys for your passwords. Although some computers and operating systems come with encryption software, you may have to enable them.

With all the above protection, you are still at risk. So you have enabled multi-layers of protection, but you are not 100% covered. At least you have taken enough security to protect your workstation plus enable Multi-Factor Authentication.

I brought all these points up because if your system is compromised, an attacker can easily steal your 2nd Factor (MFA) keys that reside on your workstations. This could be harder for hardware tokens but easier for soft-tokens.

Who uses MFA

MFA is used by various people, from the single individual who wants to protect their computing devices to large corporations.

What MFA is used for

MFA is used for different situations, from protecting your financial information to your PC.

For example:

Companies usually use MFA to protect their systems from prying eyes, requiring their employees to use it to access the corporate network.

Banks require customers to log in to view their banking information using MFA.

When users log in to their websites, the administrator sometimes requires them to use MFA to protect their credentials and content. For example, many web hosting providers offer MFA so that users log in using a PIN sent to their phone or email.

You can enable MFA when logging into your financial institutions, various Google sites, etc.

We can go even further: the system administrators in various corporations use MFA to authenticate into multiple applications and servers that host non-public information.

Types of MFA

  • Hardware Based
  • Software Based
  • Fingerprint, facial recognition, voice, retina or iris scanning
  • Behavioral Analysis

Software based MFA

Software-based tokens are tokens that come with some form of application that you purchased through a retail store. Software-based tokens are installed on your operating system. Most software-based keys are protected through proprietary software to reduce the attack surface on your computer. There are advantages and disadvantages to this approach.

Hardware based MFA

Hardware tokens are usually used to protect computer hardware such as specific servers, PCs, laptops, cell phones, etc.

Hardware tokens can be NFC-enabled or use a USB connector, such as the Yubico key. There are several different YubiKeys. Sometimes individuals want to have physical possession of their MFA.

You can carry hardware keys on your key chain or in your pocket or briefcase. The convenience of hardware-based MFA is that you know you have the key in your possession at all times. You have access to the token and its encrypted key. You don’t have to rely on the operating system; the token keeps your encrypted key. And if your operating system fails, you don’t have to worry about recovering your keys.

The disadvantage of hardware tokens is that they might get lost or broken. There are ways to recover from lost and damaged tokens, but you have to go through multiple steps to recover your keys. Other disadvantages are the downtime and the cost of the hardware; and they are not 100% secure.

Software MFA

This could be a type of PIN. A six or eight-digit number can be sent to your email or phone, so you can authenticate after you have submitted your password during the authentication process.

Google Authenticator

Financial institutions usually use an OTP, a One-Time PIN sent to your cell phone, for authentication. Sometimes, they use a static PIN. With a static PIN, you must remember the number for a specific time before changing it. OTPs can be generated by smartphone apps, sent via text or email, or produced by smart cards, fobs (hardware), or security keys.

Other types of MFA could be something that an AI generates for you to authenticate and access your content, such as location-based, adaptive, or risk-based authentication.

For consumer MFA, you can use different types of tokens depending on what is allowed by your providers, such as:

Software or app-based authenticators:

  • LastPass Authenticator
  • Google Authenticator
  • Duo Authenticator
  • Microsoft Authenticator
  • 2FAS
  • Twilio Authy

Hardware Based Authentication:

  • YubiKey
  • FIDO2 Certified keys
  • TrustKey
  • Symantec VIP Hardware Authenticator
