What is Multi-Factor Identification and Why Do I Need It?

People have many online accounts. To remember all their passwords, they choose easy ones, which in the worst case can be easily guessed. They also often reuse them across multiple accounts, and many people write their passwords down to keep track of them. Password reuse enables credential stuffing, in which log-in information is entered into a range of digital services, often by an automated system or program. This type of attack can succeed when people reuse the same credentials, leaving many accounts susceptible to breaches and takeovers.

Are you still using the same few passwords to log into all your online accounts? Are your passwords simple? If so, you’re an easy target for hackers. With data leaks and hacks happening all the time, it’s more important now than ever to protect your online accounts and information.

Thankfully, there’s an easy way to protect yourself: multi-factor identification (MFA).

MFA provides an extra level of security so that cyberthieves can’t easily access your accounts, because the criminal needs more than just your username and password credentials.

How does it work?

MFA requires you to use more than one credential when logging into an account, and your credentials must come from two different categories to enhance security - so entering two different passwords would not be considered multi-factor. MFA is typically broken down into three categories:

  • Knowledge: These factors require you to know something, like security questions, a PIN sent to your device, or a specific keystroke.
  • Possession: The user must physically possess the factor, like a debit card or a USB drive, and insert it into the device to gain entry.
  • Biology: Access is granted once the user proves their identity through biological markers like a fingerprint or voice.
  • Location: The location of the authentication attempt is verified by GPS, IP address, and other methods.
  • Time: Authentication can happen within a specific time window.

Types of MFA

There are several types of MFA:

  • Hardware tokens: This type of 2FA requires users to possess a type of physical token, such as a USB token, that they must insert in their device before logging on. Some hardware tokens display a digital code that users must enter.
  • SMS and voice MFA: You’ll receive either a text or voice message giving you a code that you must then enter to access a site or account.
  • Software tokens for MFA: These tokens are apps that you download. Any site that features MFA will then send a code to the app, which you enter before logging on.
  • Push notifications for MFA: You’ll download a push notification app to your phone. When you enter your login credentials to access a website, a push notification is sent to your smartphone. A message will then appear on your phone requesting that you approve your log-in attempt with a tap.
  • Biometrics: To log onto a site, you’ll first have to verify it’s you through something physical about yourself. Most commonly, this means using a fingerprint scanner.
  • Location: If your account was created and registered in one state, and suddenly a log-in is attempted in a different location, it may trigger a location factor. These factors will alert you when a log-in is attempted on a new device and send you a code to enter to verify your identity.

If you don’t have the additional identifier, you can't log on, even if you know the correct password.

For many businesses, having many employees work from home adds to the urgency of strengthening authentication practices. It is likely that many people will continue to work from home, and many organizations have already adopted a flexible approach. This means that expanded corporate IT estates, accessed from more places, will become commonplace.

Cycrest Systems has offered multi-factor authentication for quite some time. For ease of use, it requires a smartphone app for each user, with other options available for those without smartphones. This system is used for Cloud Office 365 users, Microsoft Cloud Hosted Email, SSL VPN access for remote access to your systems, on-premise Exchange, and logins to your computer each day. The process generates a random password every 30 seconds that is used in conjunction with your regular login process to log in to your account. In the event your password is stolen or compromised, this additional method helps stop criminals from using your password/passphrase to gain access to your files, email, or system.

It might seem like a pain to add an extra step to your web surfing, but without MFA you could be leaving yourself vulnerable to cybercriminals who want to steal your personal information, access your bank accounts, or hack into your online credit card portals. If you haven’t turned on MFA for your important online accounts, turn it on today.

