What is Multi-Factor Authentication (MFA) and How it Protects Your Network

June 23, 2020 Eric Dosal


Managing access to enterprise networks is a major challenge for today’s organizations. With more and more people working remotely and using a variety of devices to access data and applications, companies must implement security controls that keep those vital assets protected. Multi-factor authentication is a simple and extremely effective solution that ensures only authorized users will be able to access enterprise networks.

What is Multi-Factor Authentication?

Protecting user accounts from unauthorized access has long been a challenge for organizations. Password protections are effective to some degree, but relying on passwords alone creates a single point of failure in a cybersecurity framework. Should a password be compromised, an unauthorized user could gain full access privileges to sensitive data and applications. Although cybersecurity experts have long promoted a variety of best password practices, millions of people still use simplistic passwords like “123456,” “111111,” and “password” to protect their accounts.

Multi-factor authentication helps to shore up this vulnerability by adding an extra layer (or more) onto an existing access security framework. Rather than providing one form of authentication, such as a password, users are required to produce additional credentials in order to gain access to their accounts. This ensures that even if one form of authentication is compromised, an intruder will still not be able to log into an account without obtaining a second form of identification.

According to research by Microsoft, implementing multi-factor authentication can block up to 99.9% of account hacks. Google studies found similar results, with MFA security stopping practically all brute force attacks by automated bots and 99% of phishing attempts. That’s because while hackers possess a variety of tools to overcome password security, the techniques needed to crack MFA software are much more sophisticated and time-intensive.

How Multi-Factor Authentication Works

The idea behind MFA security is that there are three basic forms of credentials someone can provide to prove that they are who they claim to be.

  1. Something you know: The person provides a piece of information known only to them, typically a password.
  2. Something you have: The person has a unique object, such as a keycode or access card, that only authorized personnel possess.
  3. Something you are: The person’s unique identifiers that are not shared by anyone else and are difficult to copy, such as a fingerprint or retina pattern.

A multi-factor authentication security framework requires a person to present at least two forms of credentials in order to access something. While this system is now a common feature of many enterprise networks, it can also be used for physical security systems. Data centers, for instance, make extensive use of MFA security to control who has access to servers and other assets.

Two-Factor Authentication

Most organizations deploying MFA security use some form of two-factor authentication or “two-step” security. A common strategy is to combine a user password (something you know) with a uniquely generated keycode delivered via SMS to a smartphone (something you have). Once the person enters their password, secure MFA software creates and transmits the time-sensitive keycode to a separate account. That code then needs to be entered before it expires (which usually takes only a few minutes).

This seemingly simple system has proven to be incredibly effective because it renders brute force password cracking irrelevant. In order to bypass two-factor authentication security, an attacker would need to both discover the user’s password and then compromise another secure device or account in order to obtain the keycode. Confronted with this challenge, most hackers simply move on to prey on easier targets (like someone using these common passwords).

Even better, two-factor authentication is both simple to implement and relatively unobtrusive for people to use. While employees might grumble the first time they need to provide a second form of credentials, they will quickly become accustomed to the process, especially when they understand the tremendous security benefits it provides.

Biometric Authentication

The development of inexpensive biometric scanning technology was revolutionary for MFA security. Whether it’s scanning devices at physical access points in a data center or camera and touch sensors on a smartphone, there are many ways for MFA software to incorporate biometric data. In fact, many people are already using biometric authentication to confirm purchases on app stores or access their mobile banking dashboards.

Biometric authentication leverages the “something you are” aspect of MFA security by turning a user’s unique biological features into a form of credential. Passwords can be discovered rather easily and physical credentials can be misplaced, but duplicating biometric information is incredibly difficult. More importantly, biometric data doesn’t require someone to select a password or obtain a keycode of any kind. It’s quick, easy, and unintrusive, leaving little room for human error. This combination of factors makes biometric scanning technology one of the most exciting trends in MFA security.

Strengthen Your Access Controls with Compuquip

Securing access to your network is one of the most important steps you can take toward ensuring the long-term success of your organization. That’s why the team at Compuquip Cybersecurity has the skills and experience necessary to help our clients identify their vulnerabilities and implement security solutions to mitigate risk and provide peace of mind. Whether you’re looking for fully managed security services, a comprehensive review of your existing security policies and controls, or ongoing access to a virtual CISO, we’re ready to work with you to protect your essential data and applications. Contact our team today to tell us all about your organization’s unique cybersecurity needs.
