Multi-Factor authentication (MFA) is a method of login verification where at least 2 different factors of proof are required. MFA helps protect your data assets by adding an extra layer of security in a process called hardening. Using 2-3 types of factors in the process of protecting assets is called multi-factor authentication. MFA can prevent an attacker from accessing a user profile and impersonating a user, because they must gather many different types of user data in order to gain access. This would be harder to do than if only a password was used. There are several types of MFA: - This is anything you might need to remember and type or say. It's something you have to recall from memory. An example might be your mother’s maiden name, a password, a passphrase, or PIN. Something you know - This includes all items that are physical objects that you must have. Specifically it includes the use of to provide a time based PIN or other generated number that must be inputted to verify someone’s identity. An example might be this hardware token: or the Something you have physical tokens RSA SecurID SID700 hardware token HyperOTP Time-Based 6-Digit Token for use with Amazon Web Services. - Includes using a part of the body that can be used for verification (biometric data), like fingerprints, palm scanning, facial recognition, retina scan, iris scan, voice recognition. This works because each person is unique, but it can be invasive because it may reveal information about an individual’s health concerns. An example might be this Something you are Face Recognition and Fingerprint Reader with WIFI. - Uses location based data to determine if someone is in the correct vicinity to access data. An example of location restriction using Azure is portrayed in this . Somewhere you are Microsoft article - Time can be used as part of MFA because data assets might have restrictions about when they can be accessed. If access attempts occur outside the time window, someone may be disqualified. An example in which time might be used is in a (TOTP). Per , a TOTP “is a passcode valid for 30 to 90 seconds that has been generated using the value of the Shared Secret and system time.” This combines the “something you have” factor with time restrictions. Time restrictions time-based one time password Rublon’s website A list by Mary Shacklett of Transworld Data at this shows it can be complicated, but worth it. What are the pros and cons of MFA? link Importantly, there are many data breaches that occurred as a result of not using multi factor authentication. An by Jean Shin includes information about several of these breaches which affected Target and Equifax among others. article The Future is MFA Using only passwords is unlikely to be a very secure method of authentication and is likely not the method of the future. Multi factor authentication is taking over. This writes: “In a climate where cyberattacks are at their peak (with brute force attacks on passwords being the most common), it’s no surprise that IT professionals at Fortune 500 companies like Google are pushing forward new security regimes. One business after another is adding multi-factor authentication (MFA) to its security infrastructure – and biometric technology is becoming the most sought-after element with an expected market growth to $55.42 billion by 2027.” In particular, the use of biometric data is growing. website Knowing about multi-factor authentication is important to daily life, but sometimes the concept can be little understood or misunderstood. It is important for hardening of data and personal information so it can be an interesting topic for more examination. References: https://www.tyntec.com/blog/breaches-multifactor-authentication-could-have-prevented https://www.techtarget.com/searchsecurity/definition/multifactor-authentication-MFA https://www.biometricupdate.com/202202/back-to-the-secure-future-the-need-for-multi-factor-authentication https://www.globalknowledge.com/us-en/resources/resource-library/articles/the-three-types-of-multi-factor-authentication-mfa/#gref
