Multi-Factor Authentication: Protecting your (digital) assets

Multi-Factor Authentication (MFA)

Also known as, Two Factor Authentication – it’s a method that confirms access to the user, preceded by two (or more) levels of authentication, either through a string of four to six digits on a specific device. This happens if a password is compromised, a second layer of defense to further compromise an account or an organizations’ data. Similarly, think of it as your home alarm system; should an intruder bypass the window/door, motion sensors inside your home acts as a second line of defense.

Pushed alerts

This protection usually comes in an application through your phone or in a text message. On a suspicious (or odd) event, this app will prompt you with a set of numbers every 30 seconds. It constantly changes and serves as a preliminary requirement, which required entering your password. Some applications such as Azure Multi-Factor authentication includes push notifications. If you’re trying access your email, a notification gets pushed to your phone and prompts you to either, allow or deny the login. This does require your phone to be setup with a pin of its own. In some cases, biometrics is enabled (just in case you lose a device, then they would need a pin to approve the request.)

Another layer, another step

Some consider it a pain & may take a bit of getting used to, but it’s an additional layer of protection for the user and organization. Applications that have push notifications such as the Azure MFA app have helped streamline this process down just clicking/tapping “allow.” Most compliance standards are now requiring Multi-Factor Authentication to be implemented in any environment that has any personal identifiable Information on it. Even for networks without this kind of data it is highly recommended, and in most compliance cases it is encouraged.

Other familiar types of MFA/2FA

There are physical devices such as PID cards, RSA Tokens, and YubiKey which are all acceptable devices to compliance standards. A lot of organizations use soft-tokens such as a cell phone application to provide MFA, as it is now a common place to have smart phones, even ones provided by the employer.