Grundig IT Newsletter
Computing News That You Can Use
What Is Multifactor Authentication? – How It Works – And Why MFA Is Good.
More and more often, systems are demanding two-factor authentication, or multi-factor authentication. Multifactor authentication is, hands down, the best way to add extra security to your accounts.
Multifactor authentication is a powerful tool to keep your accounts secure, and we suggest using it on every important account – especially your email account, since email often acts as a gateway to every other account you have. It shouldn’t be the only tool – a good, secure password is important, and password manager software is often useful. If you find two-factor authentication too troublesome, you really should consider how important that account is, and how much damage it would do if a bad actor got ahold of it. Then you should activate 2FA anyway.
We have heard numerous people complain about having to use it, and lots of people misunderstand it as well. Let’s go over the different types of authentication to simplify how it works and which is the most effective.
There are three primary types of multifactor authentication: Possession-based, Knowledge-based and Identity-based.
Possession-based authentication can take a number of different forms. The most common, and most familiar, is authentication that requires a smartphone: SMS text messages, phone messages, authenticator app codes, or other application-based authentication.
SMS-based text messages (or phone messages) can be sent to your phone as a method of identity confirmation. This is better than nothing (and probably better than identity questions), but still somewhat risky. Phone identity can be cloned or stolen, and SMS texts can be intercepted. We have only seen it a few times, but we have seen it. Still, SMS-based authentication can often stop over 75% of targeted phishing attacks – and this is after they’ve targeted you. The protection is even higher for bulk email phishing attacks, and near perfect for bot-based phishing attempts. This is the easiest possession-based authentication to use, because you won’t even need to unlock your phone to get the authentication code in most instances.
An application-based authentication method is even more secure. The most common authentication applications are Google Authenticator and Microsoft Authenticator. Both of these phone apps can create linked authentication codes that change at a regular interval. Once configured, the codes are incredibly safe, stopping over 90% of targeted attacks. While not perfectly safe, because your phone could be stolen, these are a common and relatively simple method of authentication – the hardest part is setting it up the first time. Making it even more convenient, most accounts will only ask you to confirm your identity once a month or less, or when you sign in with a new device.
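How a code that "changes at a regular interval" is produced and checked, as an added example that is not part of the original newsletter. It assumes the app and the service use the TOTP standard (RFC 6238) with its common defaults of HMAC-SHA1, a 30-second step and 6 digits; the shared secret is the RFC's published test key, and the function names are illustrative.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30      # seconds each code stays current (assumed default)
DIGITS = 6     # code length shown in the app (assumed default)

# Constructed sample: the RFC 6238 test key, Base32-encoded the way a
# setup QR code would carry it. Never use this key for a real account.
SECRET = base64.b32encode(b"12345678901234567890").decode()

def _decode(secret_b32):
    s = secret_b32.replace(" ", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))

def _code_for_counter(key, counter, digits=DIGITS):
    # HOTP (RFC 4226): HMAC over the 8-byte counter, then dynamic truncation.
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret_b32, at=None):
    """Code the authenticator app would display at Unix time `at`."""
    now = time.time() if at is None else at
    return _code_for_counter(_decode(secret_b32), int(now // STEP))

def verify(secret_b32, submitted, at=None, drift_steps=1):
    """Server-side check: accept the current step plus/minus drift_steps
    to tolerate clock skew, comparing in constant time."""
    now = time.time() if at is None else at
    key = _decode(secret_b32)
    current = int(now // STEP)
    ok = False
    for counter in range(current - drift_steps, current + drift_steps + 1):
        if counter < 0:
            continue
        expected = _code_for_counter(key, counter)
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok

if __name__ == "__main__":
    print("code right now:", totp(SECRET))
    print("accepted:", verify(SECRET, totp(SECRET)))
```

Both sides derive the code from the shared secret and the clock, so nothing is sent to the phone at sign-in; the small drift window is what bounds how long a captured code remains usable.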
Knowledge-based authentication is probably the least safe. A good example of this authentication in use is when you create a new user account in Windows: The OS asks you to prepare a few security questions, which only the user should know . . . Or anyone who is close to them. Or someone who has done the research. Other examples of knowledge-based authentication include passwords or PINs – oftentimes an online account will allow you to log in to it with a password, but require a secondary PIN to access and change any settings or account information.
Identity-based authentication is probably the safest. A number of smartphones and laptops have built-in fingerprint sensors, but most accounts will not be able to utilize these systems. Some online accounts can be tied to your smartphone directly, letting you use its fingerprint sensor as additional security. It is worth noting, however, that any questions based on your identity are not actually identity-based, but knowledge-based.
Still not convinced? Contact us and we can help make setup of MFA painless for you. Or, at least, easier.
Tom Grundig – 925.528.9081 – tom@grundigit.com
Quote of the Month
“We cannot solve problems with the kind of thinking we employed when we came up with them.”
— Albert Einstein