Drew Morrisroe

CTN has been serving Delaware Valley businesses since 1997, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Protecting Your Data With Multifactor Authentication


Multifactor authentication (MFA) is a security system that requires more than one method of authentication from independent categories of credentials to verify the user’s identity for a login or other transaction.

Multifactor authentication combines two or more independent credentials: what the user knows (password), what the user has (security token), and what the user is (biometric verification). The goal of MFA is to create a layered defense to make it more difficult for an unauthorized person to access a target such as a physical location, computing device, network or database. If one factor is compromised or broken, the attacker still has at least one more barrier to breach before successfully breaking into the target.

Typical MFA scenarios include:

  1. Swiping a card and entering a PIN.
  2. Logging into a website and being asked to enter an additional one-time password (OTP) that the website's authentication server sends to the requester's phone or email address.
  3. Downloading a VPN client with a valid digital certificate and logging into the VPN before being granted access to a network.
  4. Swiping a card, scanning a fingerprint, and answering a security question.
  5. Attaching a USB hardware token to a desktop that generates a one-time passcode and using the one-time passcode to log in to a VPN client.

Why MFA?
One of the largest problems with traditional user ID and password login is the need to maintain a password database. Whether encrypted or not, if the database is captured, then it provides an attacker with a source to verify his guesses at speeds limited only by his hardware resources. Given enough time, a captured password database will fall.

In the past, MFA systems typically relied upon two-factor authentication. Increasingly, vendors are using the label "multifactor" to describe any authentication scheme that requires more than one identity credential.

Authentication Factors
An authentication factor is a category of credentials used for identity verification. For MFA, each additional factor is intended to increase the assurance that an entity involved in some kind of communication or requesting access to some system is who, or what, they are declared to be. The three most common categories are often described as something you know (the knowledge factor), something you have (the possession factor), and something you are (the inherence factor).

  1. Knowledge factors – information that a user must provide to log in, also called knowledge-based authentication (KBA). User names or IDs, passwords, PINs, and the answers to secret questions all fall under this category.
  2. Possession factors – anything a user must have in their possession in order to log in, such as a security token, a one-time password (OTP) token, a key fob, an employee ID card, or a phone SIM card. For mobile authentication, a smartphone often provides the possession factor, in conjunction with an OTP app.
  3. Inherence factors – any biological traits the user has that are confirmed for login. This category covers biometric authentication methods such as retina scans, iris scans, fingerprint scans, finger vein scans, facial recognition, voice recognition, hand geometry, and even earlobe geometry.
  4. Location factors – the user’s current location is often suggested as a fourth factor for authentication. Again, the ubiquity of smartphones can help ease the authentication burden here: users typically carry their phones, and most smartphones have a GPS device, enabling reasonably reliable confirmation of the login location.
  5. Time factors – the current time is also sometimes considered a fourth factor for authentication, or alternatively a fifth factor. Verification of employee IDs against work schedules could prevent some kinds of user account hijacking attacks. A bank customer can't physically use their ATM card in America, for example, and then in Russia 15 minutes later. These kinds of logical locks could prevent many cases of online bank fraud.
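The location and time checks described in the last two items can be expressed as a small rule over login events. The following is an added example, not code from the article or its source; the speed ceiling, the jitter threshold, the work schedule (given in UTC) and the sample events are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time, timezone
from math import asin, cos, radians, sin, sqrt

MAX_SPEED_KMH = 900.0   # assumed ceiling, about airliner cruise speed
MIN_DISTANCE_KM = 50.0  # assumed: ignore GPS/IP-geolocation jitter below this
WORK_START, WORK_END = time(12, 0), time(22, 0)  # assumed weekday schedule, in UTC

@dataclass(frozen=True)
class Login:
    user: str
    when: datetime  # timezone-aware, UTC
    lat: float
    lon: float

def haversine_km(a: Login, b: Login) -> float:
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))  # great-circle distance, Earth radius 6371 km

def impossible_travel(prev: Login, cur: Login) -> bool:
    dist = haversine_km(prev, cur)
    hours = (cur.when - prev.when).total_seconds() / 3600
    # Short hops are location jitter; a long hop in zero elapsed time is impossible.
    return dist >= MIN_DISTANCE_KM and (hours <= 0 or dist / hours > MAX_SPEED_KMH)

def outside_schedule(ev: Login) -> bool:
    return ev.when.weekday() >= 5 or not (WORK_START <= ev.when.time() <= WORK_END)

def flag_logins(events):
    last, flagged = {}, []  # last seen login per user, and (login, reasons) hits
    for ev in sorted(events, key=lambda e: e.when):
        reasons = ["outside_schedule"] if outside_schedule(ev) else []
        if ev.user in last and impossible_travel(last[ev.user], ev):
            reasons.append("impossible_travel")
        if reasons:
            flagged.append((ev, reasons))
        last[ev.user] = ev
    return flagged

def _utc(day, hh, mm):
    return datetime(2018, 9, day, hh, mm, tzinfo=timezone.utc)

SAMPLE = [  # constructed sample events, not real data
    Login("alice", _utc(20, 14, 0), 39.95, -75.17),   # Philadelphia, Thursday
    Login("alice", _utc(20, 14, 15), 55.75, 37.62),   # Moscow, 15 minutes later
    Login("carol", _utc(20, 15, 0), 39.95, -75.17),
    Login("carol", _utc(20, 15, 1), 40.13, -75.17),   # ~20 km apart, treated as jitter
    Login("bob", _utc(22, 3, 0), 39.95, -75.17),      # Saturday, 03:00 UTC
]
```

A flagged login would normally trigger a step-up challenge with another factor rather than an outright block, since geolocation data and schedules are both imperfect.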

As you can see from this research, security is a complex topic and securing your data is not as easy as it was in the past. CTN can help you implement the appropriate security program for your organization using technologies like MFA. We want to make sure your business is safe!

Article Source: www.techtarget.com

 
