What is multi factor authentication?
Multi factor authentication is when a user must provide evidence from two or more sources to prove their identity. Typically this information should come from separate categories, such as a thing they own (a bank card), a thing they know (a password), or something they are (a fingerprint). A common example that most of us use in our daily lives is when we withdraw cash from an ATM. To do so, we must have our bank card at hand, but we must also know our PIN. Without both the physical bank card and the knowledge of our PIN, the authentication process fails. Multi factor authentication provides some definite security benefits, because even if one authentication factor is compromised, it won’t be enough for a hacker to gain unauthorized access. However, it is not without weaknesses, and it is important for businesses to understand what multi factor authentication can and can’t do for them.
Pros and cons of multi factor authentication.
The biggest benefit to multi factor authentication is that it provides an additional layer of security for sensitive information. It also helps overcome some of the shortfalls of a simple password system, the biggest being that many users never bother to change their password from the default, or use short passwords that are easy to guess or crack. By requiring an additional authentication factor, you can take an additional step to protect yourself against user error.
However, not all authentication factors are equal. Secret questions, such as “What high school did you go to?” or “What is your mother’s maiden name?” are poor authentication factors, because the answers can be known by many people, or discovered through (often very minimal) research. Furthermore, if your login consists of two pieces of information of the same type, it is considered two-step authentication rather than two-factor (because rather than providing two different types of information, e.g. a password and a fingerprint, you’re really providing two passwords).
Unfortunately, one of the easiest authentication factors to adopt is also one of the most flawed: single-use PINs sent to your mobile phone via SMS. Codes sent to a mobile phone can be intercepted, which makes them a significant but not fail-safe security measure. They can also leave you in a tight spot if you lose or damage your mobile phone, and can cause a login delay if you are out of reception.
That said, enabling multi factor authentication will certainly be more secure than relying on a single password to protect your most sensitive information. So much so, that it has become a standard for many industries.
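The distinction between two-step and two-factor logins, and the weaker factors named above, can be checked mechanically when reviewing a login flow. The following is an added example, not part of the original article; the authenticator names, the category mapping and the `audit_login_flow` function are assumptions made for illustration.

```python
# Added example: authenticator names and their categories are assumptions.
CATEGORY = {
    "password": "know",
    "pin": "know",
    "secret_question": "know",
    "bank_card": "own",
    "sms_code": "own",
    "fingerprint": "are",
}

# Weaknesses the article calls out for specific authenticators.
WEAKNESS = {
    "secret_question": "answers can be known by many people or found through research",
    "sms_code": "codes can be intercepted; fails if the phone is lost or out of reception",
}


def audit_login_flow(steps):
    """Classify a login flow and list the weaknesses of its authenticators."""
    if not steps:
        raise ValueError("a login flow needs at least one step")
    unknown = [s for s in steps if s not in CATEGORY]
    if unknown:
        raise ValueError(f"unrecognised authenticator(s): {unknown}")

    categories = {CATEGORY[s] for s in steps}
    if len(categories) >= 2:
        verdict = "multi-factor"
    elif len(steps) >= 2:
        verdict = "two-step"  # two or more prompts, all from one category
    else:
        verdict = "single-factor"

    warnings = [f"{s}: {WEAKNESS[s]}" for s in steps if s in WEAKNESS]
    return {"verdict": verdict, "categories": sorted(categories), "warnings": warnings}


if __name__ == "__main__":
    # Constructed sample flows.
    for flow in (["password"], ["password", "secret_question"],
                 ["bank_card", "pin"], ["password", "sms_code"]):
        print(flow, audit_login_flow(flow))
```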
Is multi factor authentication a best practice in security?
Yes. Multi factor authentication has become a common best practice for most businesses, and is increasingly a requirement in high-risk industries. In fact, it is one of the requirements of NIST 800-171 that all businesses contracting with the DoD or federal government enable multi factor authentication to safeguard Controlled Unclassified Information (CUI).
It’s also a wise move to enable multi factor authentication on any systems which contain sensitive information, such as credit card information, health records, financial records, or client logins. In short, if loss of this information would damage your company or your clients’ privacy, you should use multi factor authentication to protect it.
At Brightline Technologies, we are experts in network security and can help your business bring its systems up to standard. Contact us for a free network assessment.