Don’t get scared… Yes, multi-factor authentication is a scary term, but it’s not all that difficult. If you remember our earlier blog post found here, we described what authentication was and why it was important. If you didn’t have a chance to read this post, I’d suggest you take a few minutes to read it before moving forward.
Multi-factor authentication is really a stronger form of identity verification. It’s being used today by a number of banks and payroll companies. These companies have taken security to a higher standard, above the usual username and password entry to gain access to their online systems. Why have they done this?
- Their business is centered around utilizing personally identifiable information on a daily basis
- Passwords are not that difficult to hack. Why? Well, we’ve written a few blog posts on how so many of us use the same passwords, found here. Also, check out this blog, which describes how simple passwords are to hack with password-cracking software.
You probably get the fact that multi-factor authentication is a higher form of security when accessing a website or online portal, but what is it really? Multi-factor authentication requires you to present more than one “factor” when accessing a system. These factors normally encompass three subject areas:
- Something you know (e.g. password, PIN)
- Something you have (e.g. ATM card, security fob)
- Something you are (e.g. biometric characteristics such as a fingerprint or retina scan)
The standard login/authentication process we all use to access Facebook or LinkedIn falls into single-factor authentication. A username and a password are both things we know, so both live inside the “something you know” factor. Here’s a quick quiz to see if you are following:
How many factors are involved when you use your ATM card?
The answer: two. Your PIN is the “something you know”, while your ATM card itself is the “something you have”. So think about it: it makes sense that having more than one factor is more secure. When accessing your bank account, would you be comfortable if the only thing you needed was just your ATM card? Imagine if you unknowingly lost the card: the finder of the card could access your account if a PIN wasn’t required. Doesn’t having a PIN now make you more comfortable?
So why doesn’t every online system require multiple factors? First, the cost of some multi-factor authentication methods is simply too great to always implement. Second, some companies are naïve in thinking that a simple username and password are enough and that a hack will never happen to them. It’s kind of an out-of-sight, out-of-mind mentality.
If you think a system you access should employ multi-factor authentication and it doesn’t, ask your provider why not. If they don’t offer it (note: it’s not a requirement that they do), ask if they audit and log every login attempt (both successes and failures). If they do, you can at least be assured that they have taken security to a higher level and can account for all authentication activity in their system.
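To make “audit and log every login attempt” concrete, here is a small added example (not code from this blog or from any provider) that reviews a constructed login log and reports successful logins that used only one factor category, plus logins that succeeded right after repeated failures. The record fields, credential names and the three-failure threshold are assumptions made for illustration.

```python
import json
from collections import defaultdict

# The three factor categories from the post, keyed by credential type (assumed names).
FACTOR_OF = {
    "password": "know", "pin": "know",
    "atm_card": "have", "security_fob": "have",
    "fingerprint": "are", "retina_scan": "are",
}

# Constructed sample: one JSON record per login attempt, successes and failures.
SAMPLE_LOG = """\
{"ts": "09:00:01", "user": "alice", "creds": ["password", "security_fob"], "ok": true}
{"ts": "09:02:10", "user": "bob", "creds": ["password"], "ok": false}
{"ts": "09:02:14", "user": "bob", "creds": ["password"], "ok": false}
{"ts": "09:02:19", "user": "bob", "creds": ["password"], "ok": false}
{"ts": "09:02:25", "user": "bob", "creds": ["password"], "ok": true}
{"ts": "09:05:40", "user": "carol", "creds": ["password", "pin"], "ok": true}
{"ts": "09:07:02", "user": "dave", "creds": ["atm_card", "pin"], "ok": false}
{"ts": "09:07:30", "user": "dave", "creds": ["atm_card", "pin"], "ok": true}
"""

def factor_count(creds):
    """Count distinct factor categories; two 'know' items still count as one."""
    return len({FACTOR_OF[c] for c in creds if c in FACTOR_OF})

def review(log_text, max_failures=3):
    """Return (single_factor_logins, logins_after_repeated_failures)."""
    streak = defaultdict(int)  # consecutive failures per user
    single_factor, after_failures = [], []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        user = rec["user"]
        if not rec["ok"]:
            streak[user] += 1
            continue
        # A successful login: check how it was achieved and what preceded it.
        if factor_count(rec["creds"]) < 2:
            single_factor.append((user, rec["ts"]))
        if streak[user] >= max_failures:
            after_failures.append((user, rec["ts"], streak[user]))
        streak[user] = 0
    return single_factor, after_failures

if __name__ == "__main__":
    print(review(SAMPLE_LOG))
```

Note that carol’s password plus PIN login is reported as single-factor, for the same reason a username and password are: both items are “something you know”.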
As always, if you have any questions on multi-factor authentication or any other security topic, please feel free to contact us at Shugo (xchange@myshugo.com). We’d love to hear from you and help!