Multi-factor authentication – a smart approach to IT security
By Andrew Tang, Service Director, Security at MTI Technology - 7 September 2015
Last week, I wrote about the need for businesses to rethink the use of secret questions as a security measure. The Web and social media create a goldmine of user information, which astute hackers can access to answer security questions.
So, what is a preferable alternative for proving a user’s identity? One of the more effective methods is multi-factor authentication.
What is multi-factor authentication?
Multi-factor authentication is a security system that requires two or more independent credentials to verify a user’s identity.
A user might, for example, be required to provide information that they already know, such as a username, password or PIN. Combined with this, they may be asked to provide information given to them from a token or device – a passcode sent via SMS to a known mobile phone, for instance.
Other authentication methods rely on something the user is or on where the user is located, through measures such as biometrics, iris scans, fingerprint readers and geo-location.
A combination of any of these methods results in multi-factor authentication. It is currently widely used for personal services such as email and banking. And in the US, there have been calls for the method to be issued directly for all forms of Internet banking. Such is the confidence in this form of security.
What are the benefits of multi-factor authentication?
1. Proof and compliance
With multiple authentication methods in place, it becomes more difficult for hackers to access the service or website. It also makes it harder to deny an action.
For example, many online banking systems use a combination of passwords, PINs, tokens, SMS and unique codes to ensure transactions are genuine. By using multi-factor authentication, banks can tie their compliance processes to specific users so the actions cannot be denied.
2. Protection can be free
Service providers such as Apple's iCloud, Gmail, eBay and Facebook have options to switch on a two-step verification process. If a user tries to log in from a new device, browser or different country, they will be prompted to enter a code sent to their registered mobile phone number. The security is there and it is free in many cases!
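The two-step check described above, sketched from the service side as an added example (it is not code from any of the providers named). The class name, the `send_sms` hook, the five-minute lifetime and the three-attempt limit are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300     # seconds a code stays valid (assumed value)
MAX_ATTEMPTS = 3   # wrong guesses allowed per code (assumed value)

def _digest(code):
    return hashlib.sha256(code.encode()).hexdigest()

class StepUpVerifier:
    """Hypothetical second step, run only after the password check has passed."""

    def __init__(self, send_sms, clock=time.time):
        self.send_sms = send_sms   # callable(phone, text): assumed SMS gateway hook
        self.clock = clock
        self.known = {}            # user -> {("device", id), ("browser", b), ("country", c)}
        self.pending = {}          # user -> [code digest, expiry, attempts left, context]

    def login(self, user, phone, device_id, browser, country):
        ctx = {("device", device_id), ("browser", browser), ("country", country)}
        if ctx <= self.known.get(user, set()):
            return "ok"            # nothing new about this login: no prompt
        code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, not random.random()
        # Keep only a digest so the code is not held in clear. Six digits are
        # trivially guessable, so the expiry and attempt limit do the real work.
        self.pending[user] = [_digest(code), self.clock() + CODE_TTL, MAX_ATTEMPTS, ctx]
        self.send_sms(phone, f"Your verification code is {code}")
        return "code_required"

    def verify(self, user, code):
        entry = self.pending.get(user)
        if entry is None:
            return False
        expected, expires_at, attempts_left, ctx = entry
        if self.clock() > expires_at or attempts_left <= 0:
            del self.pending[user]   # expired or locked out: a new login is needed
            return False
        entry[2] -= 1                # every guess costs an attempt
        if not hmac.compare_digest(expected, _digest(code)):
            return False
        del self.pending[user]       # single use
        self.known.setdefault(user, set()).update(ctx)
        return True
```
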
3. Cloud support
As more cloud-based applications like Salesforce and Microsoft Office 365 enter the workplace, security will become a more complex concern for IT decision-makers. Multi-factor authentication has a critical role to play in addressing some of these concerns. In fact, there are already products available, such as SAML, which offer multi-factor authentication and are designed specifically to support cloud applications.
What are you waiting for?
Multi-factor authentication presents a very clear upgrade from the simple security question method. The shift to a multi-factor authentication method will add an extra layer of protection against security breaches.