The Importance of Multi-Factor Authentication

As new, more powerful digital threats emerge each year, the challenges of computer security and passwords remain a relevant – and important – conversation among businesses and individuals alike. Today, we’re extending the discussion to provide examples of multi-factor authentication (MFA).

Generally, authentication is proving the truth, genuineness, or validity of something. In computer terms, it’s the process of verifying a user’s access to a computing resource. The most common application of authentication is through an account or website login, such as signing into your banking portal. In this context, the computer is verifying that you truly are who you say you are. Most often, this is done with a username and password combination. You identify yourself with a username and verify that it’s you by entering the correct password.

With this form of authentication, it’s crucial to select a secure, unguessable password. However, is there something else you can do to augment your security profile? It turns out there is!

Types of Multi-Factor Authentication

Multi-factor authentication is a security process that uses several different elements to verify your identity. In most cases, there are three distinct factors: something you know, something you have, and something you are. Let’s take a closer look at what each of these means.

Something You Know

The first factor in authentication is something you know, such as a password or PIN number. When you log into a website, you enter your username and supply something no one else should know: your password. That’s single-factor authentication – you are providing a single element in the process.

Something You Have

For two-factor authentication, the next layer is generally something you have. This is a physical item that the computer system depends on to add another authentication factor. A great example of this is the RSA SecureID token.

This physical authentication mechanism has a six-digit number that changes every 30 seconds. When you use the SecureID after you’ve entered your username and password, a dialog pops up for you to enter the current number on the token. The physical device and its server are in sync, so the software knows if the code you’ve entered is correct.

The theory here is that, should someone guess or steal your password, they won’t be able to log in unless they have the six-digit code – even if the correct password is entered. This system, while very secure, means that you must have a security infrastructure in place for both the resource (the website or app) and the physical item carried by the end-user (in this case, the SecureID Token).

Something You Are

The third factor is something you are. Examples of this element include your fingerprint, retinal pattern, or hand geometry. This layer is perhaps the most secure, as it’s nearly impossible to duplicate the unique characteristics of your physical body.

While it’s not entirely common, many facilities use all three factors to verify identities and maintain secure access points. For example, a high-security nuclear facility would likely require a personal identification number (something you know), a security badge (something you have), and a scan of your hand geometry (something you are) to access certain areas of the building.

How to Set Up Multi-Factor Authentication

So, how do you implement multi-factor authentication without a complex security infrastructure? How does Google, for example, offer two-factor authentication for its 1.5 billion Gmail users? Sending out individual RSA tokens would be costly. The answer? Cell phones.

Today, many organizations provide users with the option to utilize a multi-factor authentication process that’s completed via a mobile app for smartphones. Google Authenticator and Microsoft Authenticator are two leading examples.

To begin the process, you must download the app and turn on MFA for the specific website. The next steps are similar to the way RSA tokens work – a rolling, random number will appear on your phone’s screen that the site uses to add an authentication factor to your login.

A variety of companies have begun to adopt this technology to enhance security and provide users with added peace of mind. MFA is especially common among banks (such as Wells Fargo, Bank of America, and PayPal) and investment firms (like Schwab and Oppenheimer). Apple and Facebook have also jumped on the bandwagon, with more companies joining in every day.

Unfortunately, safety/security and comfort/convenience are always at odds. Mowing the grass is a great example – the fast and easy way to mow is to put on a t-shirt and gym shorts, lace up your sneakers, and turn on the lawnmower. In warm environments like Texas, this is the most convenient and comfortable way to get the job done.

However, the safest way to mow the grass is to put on long pants, a long-sleeved shirt, steel toe boots, eye protection, hearing protection, and gloves before starting the mower. While this is much safer, it’s also more time-consuming and quite uncomfortable.

So, while adding an MFA to your log-in process is a bit slower and less convenient, it’s important to consider the security benefits it provides. Take a moment to think about what your bank balance and social media reputation are worth to you and what, exactly, is at risk. At the end of the day, the added step is a small price to pay for the security and peace of mind MFA provides.

NerdsToGo is Your Leading Source for Cybersecurity for Businesses

At NerdsToGo, we offer a variety of in-home computer services to residents in McKinney, Frisco, and nearby Texas. We’re here to help you upgrade your computer to the newest, most effective security software and provide ongoing assistance to keep you safe online. The best part? Our team of expert Nerds will travel to your location!

In addition to our residential services, we also offer expert business IT solutions. With effective solutions like remote data monitoring and management (RMM), custom cybersecurity solutions, networking and firewall services, and more, you can better protect your sensitive data.

For more information, visit our business services page. Or, reach out to us at (496) 325-3912 or via our online contact form.

Category: