Every application we use, whether in the cloud or on-premises, is typically “secured” with a username and password. But these traditional credentials have become the weakest point of defense, providing insufficient protection against cyberattacks, data breaches, and follow-on crimes using stolen identities. Multi-factor authentication (MFA) can help enforce stronger security.
Multi-factor authentication, sometimes called MFA, two-factor authentication, two-step verification, TFA, T-FA or 2FA, is an approach to authentication that requires the presentation of two or more authentication factors:
- Knowledge factor — something only the user knows — can include usernames, passwords, security questions, and personal identification numbers (PINs)
- Possession factor — something only the user has — can include smartcards, hardware or software tokens that generate authentication codes, soft tokens stored on mobile devices, or something as simple as a registered phone number
- Inherence factor — something only the user is — can include biometric information from fingerprints, voice recognition, or retina scans
Each factor must be presented correctly in the required order for authentication to occur.
Multi-factor authentication that is tied to user identity prevents the end user from giving away, forgetting, or reusing their credentials, and strengthens security. MFA can reduce the risk of compromised credentials and prevent the most popular attacks (those that leverage stolen passwords) from impacting your organization.
MFA is a good security mechanism for securing enterprise identities. Businesses have known this for a long time. But until recently, implementing MFA was a challenge, because it was too large a burden on end users, and too costly for IT. Today's MFA solutions are changing this security paradigm by being both easier to use and more affordable.
Cloud applications were never designed to work with legacy MFA solutions. Those legacy solutions were built for on-premises resources, at a time when “cloud” and “mobile” had entirely different meanings unrelated to IT. Any technology solution needs to balance stringent security against user adoptability. A newer generation of MFA methods can make strong authentication easy, convenient, and secure.
For example, when accessing applications or resources that IT has secured with MFA, modern solutions can push notifications directly to a user's mobile or wearable device, which they simply swipe to verify their identity. iOS, Android and other devices are easy to use as a second factor, and can help eliminate adoption barriers that typically slow deployment of more complicated multi-factor solutions.
Multi-factor authentication for cloud and on-premises applications and resources can strengthen the security of sensitive data and protect user identity. But MFA applied individually across different user environments and cloud services leaves gaps in security that attackers can exploit.
Combining MFA with federated identity and single sign-on, we can eliminate the most common security vulnerability: compromised credentials caused by bad or reused passwords. Use additional authentication factors to help thwart brute force attacks based on traditional username and password-based authentication.
By Chris Webber, Security Strategist at Centrify