Multi-Factor Authentication, or MFA for short, is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism. These factors can be something you know (like a password or PIN), something you have (like a smartphone or secure USB key), or something you are (like a fingerprint or facial recognition).
MFA enhances security by requiring users to identify themselves by more than just a username and password. Usernames and passwords can be vulnerable to brute force attacks and can be stolen by third parties. Enforcing the use of an additional MFA factor like a thumbprint or physical hardware key means increased confidence that your organization will stay safe from cyber criminals.
Authenticator Apps
For example, if you’re using the Microsoft or Google Authenticator app as your second factor, you open the app on your smartphone, it shows you a unique, dynamically created 6-digit number that you type into the site and you’re in. If somebody else tries to sign in as you, they’ll enter your username and password, and when they get prompted for that second factor they’re stuck! Unless they have YOUR smartphone, they have no way of getting that 6-digit number to enter.
SMS (Text Message) Authentication
SMS-based MFA is a method of authentication where a user is granted access to a website or application only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism. One of these factors is a one-time passcode (OTP) that is delivered to their phone in an SMS (text) message after the user enters their username and password.
Physical Hardware Authentication Keys
MFA with physical hardware keys is a method of authentication where a user is granted access to a website or application only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism. One of these factors is a physical hardware security key.
A hardware security key is a physical form of authentication that provides you with access to systems, applications, and accounts. They’re known as a “possession factor” because they prove you physically own something used to authenticate your account. Hardware security keys are often used as a second form of authentication or as a Multi-Factor Authentication (MFA) method.
Here’s how it works:
- The user registers the hardware key with the system or service they want to protect.
- When the user tries to log in, they enter their username and password as usual.
- The system then asks for the second factor - the hardware key.
- The user inserts the hardware key into a USB port or uses a wireless method (like NFC or Bluetooth) to connect the key to the device.
- The key then uses a cryptographic process to prove its legitimacy.
One of the most popular hardware security keys is the Yubico Security Key C NFC. This security key is compatible with nearly all sites and services that support security keys. Its USB-C connector and NFC support work with most modern desktops, laptops, and mobile devices, so you can log in securely anywhere.
Comments
0 comments
Please sign in to leave a comment.