With data breaches taking up headlines from Wired to the New York Times, it is now more important than ever to secure user identities. It is estimated that breaches will cost companies $2.1 trillion in 2019. That’s enough money to buy Apple—twice. Because compromised identities contribute to the majority of data breaches, password requirements are becoming increasingly complex and many organizations are implementing multi-factor authentication to help bolster security. So what is MFA and how does it help with security? Let’s explore the definition of multi-factor authentication.
What is MFA?
Multi-factor authentication is a pretty self-explanatory term at its core, but gets more interesting in practice. In general, MFA requires users to provide multiple forms of authentication in order to gain access to IT resources. Typically, MFA involves something you know, like a username and password, and something you have, like a token generated by an app such as Google Authenticator. It is possible to receive tokens via SMS instead of an authenticator app; however, it is not recommended. Take it from Reddit, who recently found out the hard way that SMS-intercept is a real threat and can have major consequences.
Multi-Factor Authentication Code Generators
The codes generated by apps like Google Authenticator™ and Duo Mobile® increase security by linking to accounts and randomly generating time-based one-time password (TOTP) codes every 30 to 60 seconds. This process helps to ensure that even if somebody shoulder surfed your credentials on the bus — MFA code and all — there is some security in knowing that the MFA code will change within the next 30 seconds or so. (Side note: make sure to obscure sensitive credentials any time you’re in public.) As in the scenario above, while weak passwords may not be all that difficult for a hacker to compromise, it is much harder to guess an MFA code that changes every 30 seconds. Also, a hacker would not only need your password, but would also need your smartphone with the authenticator app to effectively log in to an account. Obtaining your phone, cracking (Read more...)
*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Ryan Squires. Read the original post at: https://jumpcloud.com/blog/definition-of-multi-factor-authentication/