About Multi Factor Authentication

How does MFA work?

If you have MFA set up for a given account (website, application or device), then when you log in with your username and password, that account's server will ask for a second, independent form of authentication before it actually lets you into the system. It’s kind of like when you open a bank account and they ask to see a picture ID and some other form of identification, like your social security card or a passport. It’s much harder to pretend you are someone you’re not when you have to prove who you are in two different ways!

Multifactor Authentication Methods

  • Mobile device application “Push” method

The most popular way to get that second form of authentication is through a “push” to an application on your mobile device. There are a variety of authenticator apps that are free and easy to set up and even easier to use for authentication.

With this method, the account server that you are trying to log into will send a “push” to your mobile device. This push is a notification that will pop up on your mobile device and say something along the lines of, “Hey, someone’s trying to log in to this website, is it you? Should we let them in?” If you hit yes, you’re in. But if you didn’t make the original login request, you know that someone has your password and is trying to log in to your account. You can hit the “No” button and their access will be denied. You can then go log in yourself and change your password so that the attacker is back to square one. It’s simple, yet extremely effective security.

  • Mobile device application code method

Sometimes the account server won’t send you a push but may instead ask you to type in a unique code that is generated by the authenticator app on your mobile device. These codes are short (maybe 6 digits), so it may seem like they are not very secure. The cool thing is that the codes are re-generated every minute or so and they are based on an algorithm that is known only to your authenticator app and the account server you’re trying to connect to. It would be extremely difficult for a cybercriminal to guess the right 6-digit code under those circumstances since the timeframe is so short. Usually this method is also available as a backup to the push method. Most authenticator apps will support both methods.

  • SMS Code Method

This method also uses your mobile device but it doesn’t use an application. Therefore, it works with non-smartphones. If you set up this method of MFA, when you log in with your username and password, the account server will send your mobile phone a text message with a one-time code. You will then type that code into the website or device portal where you entered your password.

  • Email Code Method

This method works very much like the SMS code method, except that the code is sent to an e-mail account that you have registered in advance with the account server you are trying to access. You will most often set this up when you register for the multifactor service you are using.

If you’re going to use this kind of MFA, you need to make sure that your email account itself is secure, which probably means that you should have MFA enabled for access to the e-mail account in question. The reason is that e-mail can be checked from anywhere, including the same computer terminal where the cybercriminal is trying to log in to your account. In other words, this method does not require physical access to any independent device. That’s why you should have a strong password for your e-mail that isn’t used anywhere else. If you do that, then this method would essentially require the attacker to know two of your passwords.

  • Physical Token / Hardware Tokens

This method used to be more popular before the advent of smartphones. A physical “token” is a small device that continuously generates codes in the same way that an authentication app on your mobile device would. It works just as well, but it has the added downside that you have to keep track of this other device.

  • Biometric 2FA

In biometric verification, the user becomes the token. A user’s face, fingerprint, retina, or voice can become the 2FA token needed to prove their identity and gain access to their account.

When should I use MFA?

You should use MFA whenever possible, especially when it comes to your most sensitive data—like your primary email, your financial accounts, and your health records. While some organizations require you to use MFA, many offer it as an extra option that you can enable—but you must take the initiative to turn it on. Furthermore, if a business you interact with regularly, say your health organization, wants to provide you with convenient online access to health records, test results, and invoices, but only offers a password as a way to protect that data, consider saying: ‘no thanks, not until you provide MFA to secure my information.’

What does an MFA login include?

A typical MFA login would require the user to present some combination of the following:

  • Something you know: like a password, Personal Identification Number (PIN), or answers to security questions
  • Something you have: like a smart card, mobile token, or hardware token
  • Something you are: some form of biometric factor (e.g., fingerprint, voice recognition)

What Does 2FA Mean?

Two-factor authentication can be used to strengthen the security of a phone, an online account, or even a door. It works by demanding two types of information from the user — the first factor is usually a password or personal identification number (PIN), while the second factor could be a fingerprint or a one-time code sent to your phone.

What Is a Two-Factor Authentication Code?

A two-factor authentication code is a one-time code generated to prove a user’s identity when they try to access an online account or system. The code would be sent via text message or by an automated phone call to a phone number associated with the user. Upon entering the two-factor authentication code, the user gains access to their online account. These codes often expire after a short amount of time if not used.
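The "one-time" and "expire after a short amount of time" properties described above have to be enforced by the server. The following is an added sketch, not code from the original article: the class name, the 5-minute lifetime, the attempt limit and the in-memory store are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time


class OneTimeCodes:
    """Hypothetical in-memory store of pending SMS/e-mail codes."""

    def __init__(self, ttl: int = 300, max_attempts: int = 5):
        self.ttl = ttl                    # assumed lifetime in seconds
        self.max_attempts = max_attempts  # assumed wrong-guess budget per code
        self._pending = {}                # user -> [digest, expires_at, attempts_left]

    @staticmethod
    def _digest(code: str) -> bytes:
        # Keep only a hash so the live code is not sitting in plaintext.
        return hashlib.sha256(code.encode()).digest()

    def issue(self, user: str, now=None) -> str:
        now = time.time() if now is None else now
        # secrets uses the OS CSPRNG; random.randint would be predictable.
        code = f"{secrets.randbelow(10 ** 6):06d}"
        # Issuing a new code replaces (invalidates) any older one for this user.
        self._pending[user] = [self._digest(code), now + self.ttl, self.max_attempts]
        return code  # hand to the SMS or e-mail gateway; do not log it

    def redeem(self, user: str, code: str, now=None) -> bool:
        now = time.time() if now is None else now
        entry = self._pending.get(user)
        if entry is None:
            return False
        digest, expires_at, attempts_left = entry
        if now >= expires_at or attempts_left <= 0:
            del self._pending[user]       # expired or guessed too often
            return False
        if hmac.compare_digest(digest, self._digest(code)):
            del self._pending[user]       # single use: gone after success
            return True
        entry[2] -= 1                     # count the wrong guess
        return False


if __name__ == "__main__":
    store = OneTimeCodes()
    sent = store.issue("alice")           # constructed sample user
    print(store.redeem("alice", sent), store.redeem("alice", sent))
```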

Benefits of Two-Factor Authentication

2FA delivers an extra layer of protection for users because a username and password are simply no longer enough.

Introducing non-password-dependent two-factor authentication greatly enhances security and reduces the risk of identity theft.

For companies, two-factor authentication can also help reduce IT costs. Password reset is one of the most common reasons people call helpdesks.

Can Two-Factor Authentication Be Hacked?

Although it is possible for two-factor authentication to be hacked, the odds are very low and 2FA is certainly the best practice when it comes to keeping accounts and systems secure. One way two-factor authentication could be hacked happens through the SMS method – or, in other words, the method by which a one-time use code is sent to a user’s phone number via SMS or an automated phone call.

Source: OSU

© 2022 | CyberMaterial | All rights reserved.