Back to Basics: Multi-Factor Authentication
Multi-Factor Authentication (MFA), or Two-Factor Authentication (2FA), is a way to verify a login with more than just a username and password. You have probably experienced Multi-Factor Authentication when logging into a banking app: it may have asked for a fingerprint or for a one-time password it sent you. Often these apps will only ask for a second form of authentication if you are logging in from a new location.
MFA is a way to secure your login credentials beyond just using a password. Many users choose passwords that are easy to crack, or use the same password on multiple services. If one password is compromised, they are all compromised. MFA is an extra step to secure a given login.
Multi-Factor Authentication types are broken into three categories:
Something you know: Password, Mother’s Maiden Name, DOB, PIN.
Something you have: Cell Phone, USB token, RFID chip.
Something you are: Fingerprint, Retina Scan, Facial Recognition.
The most common form of MFA is an SMS text message to your phone. This extra step stops criminals from accessing an account even when they have figured out the password. The app or service can also see that a login attempt supplied the correct password but not the second factor from the text message, which could prompt a notification from the service to reset your password. Additionally, if you receive a text message when you are not trying to log into your bank account, you know someone is trying to access your account. While SMS 2FA has its own set of vulnerabilities, it is still much more secure than only using a password.
We read an article last week that reinforces this theory. An Xbox user was not using MFA, and when his account got hacked, the hackers turned on MFA so that he couldn’t recover his password and get back in.
This article illustrates a great point. If a service you are using has an option for MFA, but you’re not using it, this opens up a huge vulnerability for the account. If the account gets hacked, the hacker can turn on MFA and make it nearly impossible to access the account again. In the case of the Xbox account, it was also tied to a bank account, so the hacker turned on MFA, locking out the original user permanently, then started buying games on the linked bank account.
Most companies will not let you back into the account if you don’t have the extra point of authentication. If 2FA or MFA is an option and you’re not using it, the hacker who breaks into the account will.
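The two signals described above, a correct password with no completed second factor and MFA being switched on for an account that never had it, can be checked for in authentication logs. The following is an added example, not code from the original article or from any particular service; the log format, event names, account names and the five-minute window are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events; field layout and event names are assumptions.
SAMPLE_LOG = """\
2024-05-01T09:00:00 alice password_ok 203.0.113.10
2024-05-01T09:00:20 alice mfa_ok 203.0.113.10
2024-05-01T09:05:00 bob password_ok 198.51.100.7
2024-05-01T09:05:30 bob mfa_fail 198.51.100.7
2024-05-01T09:30:00 carol password_ok 198.51.100.7
2024-05-01T09:31:00 carol mfa_enrolled 198.51.100.7
2024-05-01T10:00:00 dave password_ok 192.0.2.44
"""
MFA_USERS = {"alice", "bob"}            # accounts with MFA already enabled
MFA_WINDOW = timedelta(minutes=5)       # assumed time to finish the second factor
NOW = datetime.fromisoformat("2024-05-01T12:00:00")  # evaluation time


def parse(log):
    """Yield (timestamp, user, event, source_ip) for each log line."""
    for line in log.strip().splitlines():
        ts, user, event, ip = line.split()
        yield datetime.fromisoformat(ts), user, event, ip


def find_alerts(log, mfa_users, now):
    """Return sorted (user, reason, source_ip) tuples that merit a notification."""
    pending = {}   # user -> (time, ip) of a correct password awaiting its second factor
    alerts = []
    for ts, user, event, ip in parse(log):
        if event == "password_ok" and user in mfa_users:
            pending.setdefault(user, (ts, ip))       # keep the earliest open attempt
        elif event == "mfa_ok" and user in pending:
            if ts - pending[user][0] <= MFA_WINDOW:  # second factor arrived in time
                del pending[user]
        elif event == "mfa_enrolled" and user not in mfa_users:
            # MFA switched on for an account that never had it: confirm with the owner.
            alerts.append((user, "mfa_enabled_on_unprotected_account", ip))
    for user, (ts, ip) in pending.items():
        if now - ts > MFA_WINDOW:
            # Password was right but the second factor never completed.
            alerts.append((user, "password_ok_without_second_factor", ip))
    return sorted(alerts)


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_LOG, MFA_USERS, NOW):
        print(alert)
```

The first alert type is a cue to prompt a password reset; the second is a cue to confirm the change with the account owner through a contact method that was on file before the change.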