Multi-factor Authentication – revisited
It has become clear that one of the primary assets hackers are looking to acquire when information is stolen are the user credentials. Once credentials are stolen, sophisticated methods to scour websites and apply the stolen credentials are used to gain access to your information with the intent on monetizing. Because of this, many of the web sites you visit no longer simply accept a login ID and password as a method of entry. You may see additional identification safeguards such as a PIN or passcode that is sent to your phone or an email sent that is requesting verification. Additionally, these sites appear to know when you are trying to access their site from a new workstation, laptop, or mobile device.
These websites are now using various forms of “multi-factor authentication” to help prevent unauthorized access to your accounts. Multi-factor authentication generally adopts two or more of the following concepts to validate your identity when you log into the site or application. It’s also important to note that the strongest multi-factor authentication utilizes controls across more than one category:
- Something You Know – This is the most common form of authentication and the form that has historically provided the basis for credentials. The User ID and password are unique to an individual and provide us the opportunity to remember something unique and, when entered correctly, grant us the necessary access. Other forms of this authentication include a PIN (bank ATM), security questions (mother’s maiden name, high school mascot), etc.…
- Something You Have – This form of authentication incorporates something in your possession that establishes proper credentials. Common forms of this authentication method include a bank card, a mobile device that receives an authentication code, a key fob or token which provides a unique code, or phone which receives a call verifying proper identification. Another common form of this type of authentication is the recognition of a computer serial number or network MAC address that uniquely identifies your workstation.
- Something You Are – This form of authentication includes elements that are specifically unique to the individual, such as biometric data. For example, individual characteristics such as fingerprints, voiceprints, DNA, iris or retinal scans, and facial recognition are all forms of biometric characteristics that uniquely identify an individual.
While the additional authentication methods add a few seconds to a login process, they provide an increased level of security and control that make it much more difficult for an unauthorized party to gain access to you and your company’s sensitive information.
It is always best practice to NEVER provide your user credentials to anyone. Individuals providing support should never need this information. This applies to user passwords and ANY other secret authentication information.