Imagine this: you’ve just begun a new job and are logging into the accounts that have been set up for you. As you go through the login process, you’re prompted to download an authenticator app before you can access your account. Why is this important?
Why should you use Multi-Factor Authentication?
Companies are increasingly adopting multi-factor authentication (MFA) as a core security measure to protect sensitive data and systems. If companies are doing this, why aren’t you doing it for your personal accounts? Passwords alone are vulnerable to attacks such as phishing and brute-force guessing. By requiring a second form of verification, MFA ensures that even if someone obtains your password, they still need the second factor, such as a code generated on your phone or a biometric check, before they can get into your account. MFA significantly reduces the risk of unauthorised access to your personal data.
Personal accounts often hold critical information, such as financial details, personal messages and private documents, and a compromised account can lead to significant personal and financial harm. MFA provides an additional safeguard that makes it much harder for cyber-criminals to exploit your accounts, which in turn reduces the chances of identity theft and financial loss.
Many services and platforms now support MFA, making it easy to add this extra layer of security to your personal accounts. By enabling MFA you are taking a proactive step to protect your account and the personal information in it. This small investment of time provides an extra line of defence if a cyber-criminal somehow gets hold of your password.
There are many different MFA methods you can take advantage of. These are some of the most common:
- SMS or Email codes – A verification code is sent to your email address or mobile phone, and you enter it in addition to your password to complete the login. Whilst this is easy to use, it is the weakest option: the code travels over channels an attacker can take over (SIM swapping, a breached email account), and an attacker who phishes you can simply ask for the code and relay it to the real site before it expires.
- Authentication Apps – Apps like ‘Google Authenticator’, ‘Microsoft Authenticator’ and ‘Authy’ generate time-based one-time passwords (TOTP) that change every 30 seconds, and you enter the code currently displayed along with your password to log in. This is more secure than SMS because the shared secret is set up once (usually by scanning a QR code) and the codes are computed on your device, so there is nothing to intercept on the phone network and nothing to SIM-swap. The code you type can still be phished and relayed in real time, so you should only ever enter it on the genuine site.
- Hardware Tokens – Physical devices such as YubiKeys either generate one-time codes or, in FIDO2/U2F mode, sign a challenge from the website using a key that never leaves the device. To log in you insert the key into a USB port or tap it on a device that supports Near Field Communication (NFC). Hardware tokens provide a high level of security because they require physical possession of the device, and in FIDO2/U2F mode the signature is bound to the website’s origin, so a look-alike phishing site cannot reuse it.
- Biometrics – This method uses a physical trait for authentication; common examples are fingerprint scans, facial recognition and iris scans. In most consumer implementations the biometric is checked locally on the device to unlock a stored credential rather than being sent to the service. Biometrics are convenient and secure, but they require specialised hardware and raise privacy concerns because a compromised biometric cannot be changed like a password.
- Push Notifications – A notification is sent to your smartphone when a login is attempted, and you approve or deny it with a single tap. This is user-friendly and requires access to your device for every login, but attackers have learned to spam a victim with prompts until one is approved by mistake (“MFA fatigue” or “push bombing”). Only approve prompts for logins you started yourself, and prefer implementations that display a number on the login screen that you must type into the app.
- Behavioral Biometrics – This method analyses patterns in your behaviour, such as typing speed, mouse movements or device usage habits. It is not a standalone factor, but it can be used alongside other MFA methods to add security and to flag anomalous activity.
Each MFA method has its own advantages and disadvantages, so it is important to choose the one that best fits your security needs and usability preferences. In general, a FIDO2 hardware key is the strongest option, an authenticator app or push notification is a good default, and SMS or email codes are better than nothing but should be the last resort.
How does MFA work?
Multi-Factor Authentication (MFA) works by requiring users to provide more than one form of verification before they can access an account or system. If one factor (such as a password) is compromised, unauthorised access is still blocked by the remaining factor. Here is a breakdown of how a typical MFA login actually works:
Initial login attempt – The user starts by entering their username and password. This is the first factor of authentication: something the user knows.
Secondary verification prompt – After the password is accepted, the system prompts the user for a second form of authentication. This can be any one of the methods above.
Verification of the second factor – The user provides the requested second factor; for example, with an authenticator app they enter the TOTP currently displayed. The system then checks it independently, for instance by computing the code it expects from the stored shared secret and the current time and comparing the two.
Access granted or denied – If both factors are verified, access is granted: the system has confirmed both the knowledge-based factor and the additional factor. If the second factor is wrong or missing, the system denies access even though the password was correct, which is exactly what stops an attacker who only has a stolen password.
Optional security measures – Some systems add further checks on top of this, such as monitoring for unusual login locations or times and requiring extra verification under certain conditions. For example, many systems re-prompt for the second factor when a user logs in from a new, unrecognised device, even if they have previously completed MFA elsewhere.
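The following is an added example, not code from the original article, that ties the “Authentication Apps” method above to the login steps just described. It implements the TOTP algorithm from RFC 6238 (HMAC-SHA1 over a 30-second counter with dynamic truncation) and a two-factor login check that only grants access when both the password and the current code are correct. The user record, password and base32 secret are constructed for illustration; a real service would store a salted password hash and keep the TOTP secret encrypted at rest.

```python
"""Added example (not from the original article): RFC 6238 TOTP plus a
two-factor login check. The demo user, password and secret are constructed."""
import base64
import hashlib
import hmac
import struct
import time

# Constructed demo user. The base32 string is what an authenticator app
# would receive by scanning the enrolment QR code.
DEMO_SECRET_B32 = "JBSWY3DPEHPK3PXP"
DEMO_USER = {
    "username": "alice",
    "password_hash": hashlib.sha256(b"correct horse").hexdigest(),
    "totp_secret": base64.b32decode(DEMO_SECRET_B32),
}


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HMAC-SHA1 over the time-step counter, then dynamic truncation.
    Both the app and the server run exactly this on the same shared secret."""
    counter = unix_time // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def verify_totp(secret: bytes, submitted: str, unix_time: int, window: int = 1) -> bool:
    """Accept the current step and +/- `window` neighbouring steps so that a
    phone clock a few seconds off still works. Comparison is constant-time."""
    for k in range(-window, window + 1):
        expected = totp(secret, unix_time + k * 30)
        if hmac.compare_digest(expected, submitted):
            return True
    return False


def login(user: dict, password: str, code: str, unix_time: int) -> str:
    """The flow from the article: password (something you know) plus the TOTP
    from the user's device (something you have). Returns "granted" or "denied"
    without saying which factor failed, so an attacker learns nothing extra."""
    pw_ok = hmac.compare_digest(
        hashlib.sha256(password.encode()).hexdigest(), user["password_hash"])
    # Evaluate the second factor even when the password is wrong, so response
    # timing does not reveal whether the password alone was correct.
    code_ok = verify_totp(user["totp_secret"], code, unix_time)
    return "granted" if pw_ok and code_ok else "denied"


if __name__ == "__main__":
    now = int(time.time())
    current = totp(DEMO_USER["totp_secret"], now)
    print("code the app would show now:", current)
    print(login(DEMO_USER, "correct horse", current, now))   # granted
    print(login(DEMO_USER, "correct horse", "abc123", now))  # denied: bad code
    print(login(DEMO_USER, "wrong password", current, now))  # denied: bad password
```

Run it as a script to see all three outcomes. The `window` parameter is the practical trade-off a practitioner should know about: a wider window tolerates more clock drift but also lengthens the time an intercepted code stays valid, which is why TOTP still needs to be entered only on the genuine site.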