19 Jan The Importance of Multi-factor Authentication
What is Multi-factor Authentication?
Multi-factor Authentication (MFA) is a cyber-security method that asks users to provide multiple pieces of information to access accounts, networks, apps or any other secure online resource. Asking for more forms of verification has key benefits for safeguarding against cyber-attacks and other breaches of security, but like any system, it relies upon correct use and vigilance.
Common MFA factors
The most common types of additional verification information (factors) used in Multi-factor Authentication fall into three main categories: knowledge, possession and inherence.
Knowledge includes information held by a user – usually a password or a PIN.
Possession covers physical items held by a user, such as a badge, swipe card or digital device.
Inherence means a form of identification based on a physical characteristic (biometric) that can identify an individual user, such as fingerprint, facial or voice recognition.
Other, more advanced methods of MFA are now entering common business use as Artificial Intelligence (AI) advances. These include adaptive, or risk-based, authentication, which weighs several aspects of an access request at once, such as its location, timing, device or other aspects, to assess the risk that it could be a fraudulent login attempt. This might prompt a requirement for additional authentication or even result in denial of access.
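A minimal sketch of the risk-based decision described above, added here as an illustration and not taken from any product or from the original article. The signal names, weights, thresholds and sample profile are all hypothetical assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime

@dataclass
class UserProfile:
    # Baseline learned from earlier successful logins (constructed sample data).
    known_devices: set = field(default_factory=set)
    usual_countries: set = field(default_factory=set)
    usual_hours: range = range(7, 20)  # local hours 07:00-19:59

@dataclass
class LoginRequest:
    device_id: str
    country: str
    timestamp: datetime
    recent_failures: int = 0  # failed attempts shortly before this request

# Hypothetical weights and thresholds; a real deployment tunes these on its own data.
WEIGHTS = {"new_device": 30, "unusual_country": 40, "off_hours": 15, "failures": 10}
STEP_UP_AT, DENY_AT = 30, 80

def risk_signals(profile, req):
    """Return the (signal, score) pairs that fired for this request."""
    fired = []
    if req.device_id not in profile.known_devices:
        fired.append(("new_device", WEIGHTS["new_device"]))
    if req.country not in profile.usual_countries:
        fired.append(("unusual_country", WEIGHTS["unusual_country"]))
    if req.timestamp.hour not in profile.usual_hours:
        fired.append(("off_hours", WEIGHTS["off_hours"]))
    if req.recent_failures:
        # Cap the count so a burst of failures cannot outweigh every other signal.
        fired.append(("failures", min(req.recent_failures, 3) * WEIGHTS["failures"]))
    return fired

def decide(profile, req):
    """Combine the signals and map the score to allow / step_up / deny."""
    fired = risk_signals(profile, req)
    score = sum(points for _, points in fired)
    if score >= DENY_AT:
        action = "deny"
    elif score >= STEP_UP_AT:
        action = "step_up"  # require an additional authentication factor
    else:
        action = "allow"
    return action, score, [name for name, _ in fired]
```

Returning the list of fired signals alongside the action lets the decision be logged and reviewed, which is how thresholds like these get tuned in practice.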
Multi-factor Authentication as part of a cyber security plan
MFA should form part of defence measures included in any robust cyber security plan.
Combining multiple factors from the knowledge, possession, inherence or other categories adds layers of complexity to permissions for accessing systems. It should sit alongside controlled access (only allowing users to access the systems that they need for their specific role) and up-to-date password policies to form the best possible defence against hacking, information leaks and other forms of cyber-attack.
Importance of updating password policies – a reminder
The latest advice on updating password policy from the National Cyber Security Centre (NCSC) states that organisations must understand the benefits and limitations of passwords as a first line of cyber security measures, in order to have the best possible defence against cyber-attacks.
User-generated passwords can be a weak form of security. They often include common words, phrases or key personal information, are sometimes repeated across multiple accounts, and easily fall prey to hacking methods such as password spraying, phishing and social engineering.
Effective methods of improving password use within an organisation, as recommended by the NCSC, include reducing reliance on passwords by using them only where absolutely necessary. Passwords should also be protected at all times: always mask passwords on screens, without a “show password” option, in case screens are overlooked or left unattended, and store passwords securely on devices so that they need to be entered on fewer occasions.
Organisations must support and train users to generate better passwords, as a standard part of all staff IT training, and also consider using technical solutions such as One Time Passwords (OTPs) and password generation software to reduce password repetition and other such risks.