20 Apr What is Multi-Factor Authentication and Why Is It Important?
In recent years, many businesses and processes have migrated online because of the varied benefits this offers. Many business, communication, and personal interactions have moved online without any major outages or significant business impacts.
In fact, one of the major silver linings of the recent Covid-19 pandemic was the growth in online activity as people were confined to their homes. On the flip side, the increase in online business and transactions has provided a ready-made launchpad for cybercriminals to exploit vulnerabilities in online systems and cause heavy data breaches.
So much so that 2020 was not only the year of a biological pandemic but also, as cyber experts say, the year of a ‘cyber pandemic’. According to a report on cyber-attacks conducted by an agency known as Risk Based Security, there were 2,953 publicly reported breaches in the first three quarters of 2020, a 51% increase compared to the same time in 2019.
2020 was already the “worst year on record” by the end of Q2 in terms of the total number of sensitive records exposed. The three months of Q3 added an additional 8.3 billion records to the count, bringing the number of records exposed through the end of September to a staggering 36 billion.
One of the answers to the cyber security challenge was implementing MFA, which stands for Multi-Factor Authentication.
What is MFA (Multi-Factor Authentication) and Why is it Used?
Multi-factor authentication is an authentication process that requires identification or validation of users through a multi-step verification process to gain access to online resources which can be anything from a mobile application to web-based online accounts or a network.
In recent years, cyber attacks have become more sophisticated and difficult to deflect due to their complex nature. Hackers have developed tried and tested methods such as stealing personal credentials and gaining unauthorised access to personal accounts by exploiting a vulnerability.
The attacks range from simple relaying and spraying attacks to the more sophisticated methods of spear phishing and pharming. Traditional use of usernames and passwords is not secure anymore.
MFA adds an additional layer of security or protection to the already present first layer of a username and password authentication which in turn insulates or protects an organisation or an individual from remote attacks by a cyber-criminal.
How Does MFA (Multi-Factor Authentication) Work?
Multifactor authentication works by validating two or more pieces of information about a user. The information that forms a second or third layer of authentication can be divided into 3 types. They are:
- Information you know – username and password
- Information you have – badges, tokens, or an OTP sent to your mobile phone or email address.
- Characteristics you possess – biometric characteristics such as fingerprints, voice recognition, or face recognition.
- Location-based – which makes use of geotagging or your location as an additional form of authentication.
- Adaptive authentication – assigns a risk value to the login attempt and asks for more information if the attempt differs from normal attempts. It considers the device used to access information, whether a private or public connection is used, and the time of access, including whether it falls in off-hours.
For example, after entering your username and password while trying to log in to your personal account, you might be asked for a code sent to your smartphone or for a fingerprint to validate your identity. Adaptive authentication may ask you for an additional authentication factor when you try to log in from a device other than the one you normally use.
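The adaptive decision described above can be sketched as a small risk scorer. This is an added example, not code from the original article or from any MFA product; the signal names, weights, thresholds and the `Baseline`/`Attempt` types are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

# Weights and thresholds are constructed for illustration, not taken from any product.
WEIGHTS = {"new_device": 40, "new_location": 35, "public_network": 25, "off_hours": 20}
STEP_UP_AT = 30   # score at which a one-time code is required
STRONG_AT = 70    # score at which a biometric check is required as well

@dataclass
class Baseline:
    """What this user's normal logins look like."""
    devices: set = field(default_factory=set)
    countries: set = field(default_factory=set)
    usual_hours: range = range(8, 19)   # 08:00-18:59 local time

@dataclass
class Attempt:
    device_id: str
    country: str
    hour: int              # local hour of the attempt, 0-23
    public_network: bool

def risk_signals(baseline, attempt):
    """Return the names of the signals on which this attempt departs from the baseline."""
    checks = {
        "new_device": attempt.device_id not in baseline.devices,
        "new_location": attempt.country not in baseline.countries,
        "public_network": attempt.public_network,
        "off_hours": attempt.hour not in baseline.usual_hours,
    }
    return [name for name, hit in checks.items() if hit]

def required_factors(baseline, attempt):
    """Score the attempt and list the factors the user must present."""
    score = sum(WEIGHTS[s] for s in risk_signals(baseline, attempt))
    factors = ["password"]
    if score >= STEP_UP_AT:
        factors.append("otp")
    if score >= STRONG_AT:
        factors.append("biometric")
    return score, factors

def record_success(baseline, attempt):
    """After a fully verified login, the device and location join the baseline."""
    baseline.devices.add(attempt.device_id)
    baseline.countries.add(attempt.country)
```

Only call `record_success` after every required factor has been verified, otherwise an attacker's device is learned as "normal".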
A Typical MFA Process Has the Following Steps While Validating
Listing: Here you register devices, through phone numbers or email IDs, where you want the confirmation message to be sent.
Login: The user enters the username and password, which forms the first layer of verification.
Confirmation: The system sends the user a message, typically an OTP or a code, on the registered device to continue the login process, which forms the second layer of verification.
Validation: The system validates the code you have entered and grants access to your profile. In this sub-process, you may also be asked to provide your fingerprint to validate yourself.
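The four steps above, as an added server-side sketch that is not part of the original article: the `MfaService` class, its in-memory stores, the `outbox` list standing in for an SMS or email gateway, and the expiry and attempt limits are all assumptions made for the example.

```python
import hashlib, hmac, secrets, time

OTP_TTL = 300       # seconds a code stays valid (assumed policy)
MAX_ATTEMPTS = 3    # wrong codes allowed before the challenge is voided (assumed policy)

class MfaService:
    def __init__(self, clock=time.time):
        self.users = {}     # username -> (salt, password_hash, device)
        self.pending = {}   # username -> [code_hash, expires_at, attempts_left]
        self.outbox = []    # stands in for the SMS/email gateway
        self.clock = clock

    @staticmethod
    def _hash_pw(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    def register(self, username, password, device):
        """Listing: store the password hash and the device that receives codes."""
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, self._hash_pw(password, salt), device)

    def login(self, username, password):
        """Login and Confirmation: check the first factor, then send a one-time code."""
        user = self.users.get(username)
        if user is None:
            return False
        salt, pw_hash, device = user
        if not hmac.compare_digest(pw_hash, self._hash_pw(password, salt)):
            return False
        code = f"{secrets.randbelow(10**6):06d}"          # CSPRNG, not random.random()
        self.pending[username] = [hashlib.sha256(code.encode()).digest(),
                                  self.clock() + OTP_TTL, MAX_ATTEMPTS]
        self.outbox.append((device, code))
        return True

    def validate(self, username, code):
        """Validation: accept the code once, before expiry, within the attempt limit."""
        entry = self.pending.get(username)
        if entry is None:
            return False
        if self.clock() > entry[1]:
            del self.pending[username]                    # expired
            return False
        if hmac.compare_digest(entry[0], hashlib.sha256(code.encode()).digest()):
            del self.pending[username]                    # single use
            return True
        entry[2] -= 1
        if entry[2] <= 0:
            del self.pending[username]                    # too many guesses: log in again
        return False
```

The expiry, single-use and attempt-limit checks in `validate` are what keep a six-digit code from being guessed or replayed.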
Why is Multi-Factor Authentication Important?
Multifactor authentication has developed as a distinct tool or process to protect an organisation or an individual against malicious cyberattacks. MFA has the following benefits:
Prevents Identity Theft
Identity theft, or access to personal information, is a rapidly growing cyber-crime. MFA provides an extra layer of security and prevents such attacks.
It is a Right Fit for Weak Passwords
Though password protection still forms the first layer of protection and is widely used as a verification tool, studies have shown it is one of the least secure ways of protecting a system. Individuals and employees are inherently bad at creating strong passwords.
Recent studies from OWASP and NordPass, which are foundations with expertise in application security, state that “123456”, “password” and “qwerty” are still the most commonly used passwords around the world. Recent studies from the Ponemon Institute suggest that more than 50% of employees reuse their passwords on different platforms.
Verizon’s 2020 Data Breach Investigations Report found that 80% of hacking-related breaches involved passwords in some way, either through the use of stolen credentials or through brute force attacks. MFA prevents password breaches as it requires multiple verifications on the user's end.
Reduce Risks Due to Use of Personal or Unmanaged Devices
Due to the Covid-19 pandemic, people have been confined to their homes, and working from home has become the norm. Employees working from home remotely access the organisation’s private network on their less secure devices or network connections.
Personal devices or network connections do not have strong defence mechanisms such as anti-virus software or a firewall implemented to prevent phishing or a layering attack which can compromise the system and expose organisations’ sensitive data to the hackers.
Using MFA prevents attacks on the systems of employees who work remotely on personal devices by providing an additional layer of security.
Provides a Strong Backup Protection
While firewalls and antivirus software do their jobs, MFA is about granting access based on a streamlined authentication process, thereby lowering the risk of compromised passwords. It adds an extra layer of security against the kinds of destructive attacks that cost organisations millions of dollars.
Acts as a Warning
A properly implemented multi-factor authentication system can provide warnings or notifications to the IT team or an individual when someone is trying to log in or gain access forcibly. It also alerts you to any unauthorized access and allows users to report it to the respective IT teams for resolution and further prevention.
MFA Adapts to The Changing Network Process Without Compromising User Experience
MFA secures the organisation’s networks, its users and its systems by taking an adaptive approach and allowing the user or employee to choose the verification process without requiring cumbersome resets or permissions.
It easily integrates with a broad range of IT applications and is easy to deploy and manage, thus saving time for IT teams, which can in turn focus on more strategic tasks.
Data and security breaches exposed 5.1 billion records during the pandemic according to Forbes. The multifactor authentication process is easy to deploy and manage. Moreover, it is inexpensive and amalgamates with almost all IT applications.
MFA provides an extra layer of security through a simple yet effective process. With the recent increase in cyber-attacks, relying only on password strength is risky and perilous. Hence MFA is the way forward, reducing the likelihood of a brute-force attack or a potential data breach.