Multifactor Authentication
Security key MFA is effective against 100% of social engineering and brute-force attacks

What is MFA? Best Methods for Multi-Factor Authentication

With cybersecurity threats on the rise, multi-factor authentication (MFA) is a go-to additional security measure for your devices and data points.

Question: What is Multi-factor Authentication … and Which Method is Best?

Answer: Multi-factor authentication is a method of securing data and applications in which a user presents two or more credentials to verify their identity at login. It provides an additional layer of security beyond login credentials.

MFA is designed to protect against social engineering (a variety of malicious psychological manipulation methods used through human interactions), phishing (fraudulent attempts to obtain personal information), and brute-force attacks (a trial-and-error method of exploiting weak or stolen credentials to gain access to systems).

If cyber criminals target you and/or your business, they could take over your bank accounts, health care records, company secrets, and more. Multi-factor authentication is important, as it makes stealing your information harder for the average criminal.

Despite the risks of being targeted by cybercriminals, industry statistics show a relatively low number of both small and large businesses using multi-factor authentication.   However, we see the implementation of MFA on the rise – mandated by increased risks of cybercrime, along with various cybersecurity compliance standards requiring MFA.


Authentication Techniques

Three categories of authentication techniques are:

  • Knowledge (something you know), such as a password or PIN. The use of passwords is the most common method of authentication.
  • Possession (something you have), such as a badge, smartphone, token, or bank card.
  • Inherence (something you are), such as a fingerprint or voice recognition.

Three Primary MFA Methods:

Three primary methods of MFA are SMS-based, on-device prompt in an app, and security key.

1. SMS-based

SMS-based MFA uses text messaging to authenticate the user.  This is a common method that many people are familiar with.   Typically, a user will enter their mobile phone number when setting up MFA.  Whenever they log into an account, the user will receive a text message with a time-sensitive code that must be entered.

SMS-based MFA is considered to be the most convenient method.  Users can often feel that MFA is slowing them down. This user inconvenience can cause companies to leave their cloud accounts less protected by not using multi-factor authentication.

If you face user pushback and are looking for the most convenient form of MFA, it would be the SMS-based method.  Most people are already used to getting text messages on their phones so there is no new interface to learn and no app to install.

2. On-device Prompt in an App

Another type of multi-factor authentication uses a special app to push the code to the user. A push notification is the delivery of information from a software application to a computing device without a specific request from the client. The user still generates the MFA code at login, but receives it through the app rather than via SMS. The push notification can be delivered to a mobile or desktop app.

Using an MFA application that delivers the code via push notification is more secure than the SMS-based MFA. It’s also more convenient than needing to carry around a separate security key that could quickly become lost or misplaced.

3. Security Key

A third key method of MFA involves using a separate security key that you insert into a PC or mobile device to authenticate the login. Using a security key device is the most secure way to receive an MFA code. The key itself is purchased at the time the MFA solution is set up, and it is the device that receives the authentication code and implements it automatically.

The MFA security key is typically smaller than a traditional thumb drive and must be carried by the user to authenticate when they log into a system. Security keys are not tied to a mobile number or mobile device that could be breached. Organizations will offer physical keys to their highest-value users. Typically, a physical key is the best option to protect sensitive accounts and data like banking, insurance, and investment information.

Question: How effective are the MFA methods?

Answer: MFA methods are generally effective, with success rates that vary depending on the particular method.

A Google study looked at the effectiveness of these three methods of MFA in blocking three different types of attacks: social engineering, phishing, and brute-force attacks. The security key was the most secure overall.

Percentage of cyber attacks blocked by Multi-Factor Authentication:

  • SMS-based: between 76% and 100%
  • On-device app prompt: between 90% and 100%
  • Security key: 100% for all three attack types

Multi-factor authentication is a “must-have” solution in today’s threat climate. If you are looking for Bergen County IT Support and Services, or Jersey City Cyber Security Services, reach out to get cybersecurity in check for your organization. We are located in Midland Park, New Jersey, and specialize in Managed IT Services with a focus on IT Security as our core service strength.

Let’s discuss your barrier points and come up with a solution together to keep your IT environment better secured with our Secure Global Network.

