More and more companies and private individuals have been looking for better ways to keep their data secure in recent years. No one is truly safe, with huge companies like Facebook, Ticketfly, and T-Mobile suffering from devastating data breaches in 2018. With data breaches happening so frequently, many individuals are understandably worried about exposing their data and suffering from financial loss.
Key cybersecurity measures like enabling a firewall, installing antivirus software, and using encryption technology can only do so much against cybercriminals. Hackers have been using more sophisticated software to steal corporate and private data, so you should do everything you can to keep your data secure. One way of doing this is by enabling multi-factor authentication (MFA) as an extra security measure.
In this post, we’ll be looking at everything you need to know about MFA.
How MFA Improves the Security of Your Accounts
In a nutshell, MFA is a security system that necessitates more than one way of authenticating a user. Usually, it combines two or more types of authentication credentials: something a user knows, something they physically have, and something they are.
The MFA creates an extra layer of security to make it harder for hackers or an unauthorized person to access your account. Since there is more than one way of accessing an account, any hacker who’s able to get through the first tier of security (like cracking your password) will be stopped in their tracks as they won’t have access to the other security factors you’ve enabled.
The Different Types of MFA
Below we’ve detailed the different types of MFA you can enable to keep your data secure.
This pertains to physical items that a user possesses to authenticate their login process. These could be a key fob, smartphones, USB drives, security tokens, or the phone’s SIM Card. For example, you might receive a notification on your phone asking if you’re authenticating the login of one of your accounts on a new device. One-time passwords (OTPs) also fall in this category since this is usually sent to your email or phone number.
What falls in this authentication factor category are passwords, PINs, or answers to secret questions. Whatever a user can recall and remember is considered a knowledge factor. This is usually the first level of security you’ll encounter when you try accessing your account.
To put it simply, anything that falls under this category is a part of a user’s body that can be used for authentication purposes. ‘Are Selfies the Next Best Security Tool?’ by HP highlights how companies have begun using facial recognition to improve the security of their products and services. For instance, numerous phone manufacturers like Apple and Huawei have installed facial recognition systems to map out a unique detailed depth map of your face — serving as a biological trait that can be used to confirm a login. Others that fit in this category are iris scans, voice verification, and palm scans.
Is MFA Perfect?
As with all security methods, nothing is 100% prone to vulnerabilities. In ‘The Security Downside of SMS-based Multi-Factor Authentication (MFA)’ by our very own George Mutune, he mentioned the security flaws of popular methods like SMS-based MFA. SIM swap attacks to SS7 network vulnerabilities, SMS-based MFA is far from being the perfect MFA method.
A Medium article by Stuart Schechter also illustrates the risks of enabling MFA. For one, you can permanently lose access to your account if you fail to answer a question on your chosen secondary MFA method. Another risk of enabling MFA is that it can make you careless since you now have the notion that your accounts are 100% secure. This can make you vulnerable to trusting unknown publishers and phishing scams.
Regardless, it’s still recommended to enable MFA on all your accounts — be sure to be on the lookout for security vulnerabilities that may compromise your data. If you want to learn more tips on how to practice cybersecurity, head on over to our article ‘Top 20 Cybersecurity Practices that Employees Need to Adopt’.
Donald Korinchak is a Cybersecurity Professional in the Washington DC area. Donald holds an MBA from the University of Pittsburgh Katz School of Business. Donald is considered a thought leader in business, leadership, and cybersecurity issues.