Multi-factor authentication (MFA) is an authentication method that combines multiple credentials – the factors. You know MFA from online banking, where you verify transactions, and from login procedures secured by additional factors.
Last year we explained two-factor authentication (2FA), the variant of multi-factor authentication that uses a second factor to authenticate or verify. The basic principles that we described in the post linked above are the same as those of multi-factor authentication. The following authentication types are possible with 2FA and MFA:
If, for example, knowledge (password) and feature (fingerprint) are used, it is 2FA. Other factors such as tokens can supplement multi-factor authentication.
The most significant advantage of multi-factor authentication is obvious: with each additional factor, the threat of identity theft recedes further, because even if the password has been compromised, access is protected by at least one other proof of entitlement.
Disadvantages often arise in usability: the more factors users have to use when registering, the more complex the registration process becomes. If one of the factors is lost, the system cannot be accessed at first, and replacing the lost factor results in enormous additional work.
Nevertheless: the more factors are used, the more secure authentication methods are. A recent report by the US magazine The Record shows that there are now around 1,200 phishing toolkits that can be used to attack two-factor authentication. According to the report, the most common variant is the theft of authentication tokens from the computer. These tokens are not impractical: users do not have to log in every time they visit a page but can remain logged in for a certain period. Attackers who have such a token bypass the authentication.
The second most common variant is man-in-the-middle attacks: attackers position themselves between service providers and users to steal data – for the identity thefts described in the report, codes for login procedures are harvested. Criminals can do this using malware on smartphones: if users log into online services and wait for 2FA codes to be sent via SMS, the attackers can intercept them. It makes sense to use other devices for the second factor to avoid such a scenario.
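As an added example (not from the original article or the report it cites), the sketch below shows one server-side way to limit the value of a stolen "stay logged in" token: the session is bound to the client context it was issued to and has a bounded lifetime, so a replay from another client forces a fresh MFA login. The class, the `device_id` value (assumed to be a per-device identifier the server set at login) and the timeout values are assumptions.

```python
import hashlib
import hmac
import secrets
import time

MAX_AGE = 8 * 3600      # assumed absolute session lifetime, in seconds
IDLE_TIMEOUT = 30 * 60  # assumed idle timeout, in seconds


def _hash(value: str) -> str:
    return hashlib.sha256(value.encode()).hexdigest()


class SessionStore:
    """In-memory store of sessions issued after a successful MFA login."""

    def __init__(self):
        self._sessions = {}  # sha256(token) -> record; raw tokens are never stored

    def issue(self, user, user_agent, device_id, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._sessions[_hash(token)] = {
            "user": user,
            "context": _hash(user_agent + "|" + device_id),
            "issued": now,
            "last_seen": now,
        }
        return token

    def validate(self, token, user_agent, device_id, now=None):
        """Return (verdict, user); verdict is 'ok', 'expired', 'reauth' or 'unknown'."""
        now = time.time() if now is None else now
        key = _hash(token)
        rec = self._sessions.get(key)
        if rec is None:
            return "unknown", None
        if now - rec["issued"] > MAX_AGE or now - rec["last_seen"] > IDLE_TIMEOUT:
            del self._sessions[key]
            return "expired", None
        presented = _hash(user_agent + "|" + device_id)
        if not hmac.compare_digest(presented, rec["context"]):
            # Token presented by a different client: revoke it and require MFA again.
            del self._sessions[key]
            return "reauth", rec["user"]
        rec["last_seen"] = now
        return "ok", rec["user"]
```

Context binding does not help when the token and the device identifier are taken from the same machine, which is why the lifetime limits are enforced independently of it.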
The right combination is required when using multi-factor authentication: the registration process must not overwhelm users, but it must not underwhelm cybercriminals either.
To help find the right combination of different factors, here are a few possible factors:
eID / electronic identity card: The electronic identity card (“eID”) can be used to authenticate to various online services. Authorization certificates make it possible to access stored data, and they also let citizens see who has accessed which data and for what purpose.
As a means of account security, multi-factor authentication is a tried and tested defense against identity theft: with two or more authentication steps to be carried out separately with different factors – ideally on other devices – users can securely prove their identity. It is difficult for cybercriminals to harvest authentication credentials – and even if they succeed with one factor, one or more others will protect against identity theft.