Improving Security with Multifactor Authentication

Multi-factor authentication seems like an annoyance sometimes. Those little windows that ask us to fill out a CAPTCHA or enter a code are obvious examples of MFA. While they may annoy you, they do serve a valid and important purpose. When doing anything important over the internet, there is a serious need to verify the identity of every user. Without this, you are basically asking to get hacked, scammed, or otherwise exploited. Let’s talk a little bit more about MFA, why you need it, and how it can improve your security.

The Many Forms Of Multi-Factor Authentication

There is no need to explain the basic concept of multi-factor authentication. This term is kind of self-explanatory: You use multiple methods to authenticate a user’s identity. However, this basic concept can be implemented in a lot of different ways. Each of these “factors” represents another barrier that an unauthorized user will have to circumvent. Here are some of the common methods that can be used to create the “layers” of an MFA process.

CAPTCHA

This is a series of images or text that challenge the user to perform a task. For instance, they might tell you to select every image that contains a bicycle. Sometimes, these will generate a random combination of letters and numbers, which must then be entered in a box below. These are mainly used to combat botnet attacks. Automated systems (i.e., “bots”) usually can’t get past this kind of barrier.

Phone Verification

This one is very common as well. A code is sent to the user’s mobile phone, and the code is then entered on the verification page. The advantage here is that, in order to circumvent this measure, a hacker would require access to your phone.

Security Questions

These are specific questions that only a specific user can answer. They are great for single-user situations, but not so reliable for the verification of others.

Passcodes/Passwords

As long as they are long and random, these can be some of the best ID verification tools. Unfortunately, there are ways that a skilled attacker can potentially circumvent them.

ID Cards/Security Tokens

Sometimes, in cases where extreme security is needed, it is best to use a physical device. This might be a card with a magnetic stripe, a USB stick with specialized software, or some other exclusionary device. Obviously, there is still a danger of physical theft.

Why You Need Multi-Factor Authentication

A good security system is like an onion. It has multiple layers, one inside the other. Multi-factor authentication is based on this principle. Although there are a lot of questions as to the best way of using MFA, there is no doubt that MFA is the best approach. Any single-factor identification scheme can probably be defeated by a variety of methods. Unfortunately, criminals have become very inventive over the years. As such, your best bet is to throw up every wall you can.

According to this study from Microsoft, MFA is highly effective in the prevention of botnet attacks. In fact, they said that it would prevent about 99% of all such attacks. While those numbers sound a little bit optimistic, they may be correct. Automated programs will always have trouble with this sort of thing. One might call it their “Achilles heel.”

MFA is also very effective in the prevention of identity theft. Identity theft usually begins with the theft of credentials. This might be an ID card, a password, a social security number, or any other type of unique identifying information.

According to the Federal Financial Institutions Examination Council (a government bureau that regulates banking practices), MFA is a crucial tool in the fight against identity theft and the frauds that it enables. This makes sense because an identity thief won’t usually have access to all of your personal information.

Potential For The Future

As we explained earlier, MFA is a very versatile idea. It can be applied in a huge number of different ways. For instance, in situations that call for the most extreme of security, biometric identification is a good option to consider. Fingerprint scanners are not particularly complex or expensive, though some other biometric devices might cost a bit more.

Obviously, there are some ethical concerns about the use of biometrics. That is why they should only be used for select (i.e., maximum security) purposes. In any case, there are all kinds of ways in which this concept could be expanded. For instance, one could enable a multi-factor authentication system for the process of logging in to a router’s admin page. Hackers often target routers because many people don’t bother to change the default admin passwords. Once they get the password, they can make changes to the router and that is bad news. However, a strong MFA system at the router level could be just the thing to defeat such attacks.

Of course, there are some problems that will have to be overcome. For instance, it seems that multi-factor authentication can become less secure when deployed in a multi-server environment. This study demonstrated that five of the most common MFA protocols could be breached in a multi-server environment. They described these flaws as “critical.” This study is a little over a year old as of this writing, so we hope some of those flaws have been addressed.

Conclusion

There is no doubt that multi-factor authentication is going to be a major part of the security landscape. It is a concept that has the potential to make things much more difficult for hackers, cyber-criminals, and all other such scum. We strongly recommend deploying this kind of system to protect both your data and the data of anyone who uses your services. All of the biggest players are using MFA to some degree, from banks to governments and all sorts of smaller institutions. If you would like to know more about how you can use multi-factor authentication to improve your online security, call PCH Technologies at (856) 754-7500.