In part one of this post, we talked about why identity access management (IAM) is important.  In that discussion, we identified three types of IAM:

  • Single Sign On
  • Multi-Factor Authentication
  • Privileged Access Management

We discussed the different types of single sign on and some examples of what can be used to help streamline the user experience.  Let’s now discuss how you can pair single sign on with other two types of identity access management.

Cloud Native Now

Multi-Factor Authentication: How It Works

Multi-factor authentication (MFA) is a means to authenticate a user. It grants them access only after presenting two or more pieces of proof (or factors) to an authentication provider.  These include the following:

  • knowledge (something the user and only the user knows),
  • possession (something the user and only the user has), or
  • inherence (something the user and only the user is).

As such, multi-factor authentication is different from multi-step verification. While both harden a user’s digital security by making a login process more complex, the latter adds complexity in the form of the same type of authentication category (such as two or more things you might know). Multi-factor authentication asks that users provide pieces of proof from at least two different authentication categories, thereby making it more difficult for an attacker to spoof the user.

Multi-factor authentication is an important part of identity access management. It helps protect against password compromise by requiring at least one more form of identification. In fact, one of the things pointed out in the 2017 Verizon Data Breach Investigations Report is that 81% of all data breaches involved weak or stolen credentials.

In 2019, Google reported in their blog that by enabling MFA with device-based challenges, it was able to stop 100% of automated bot attacks, 99% of bulk fishing attacks, (Read more...)