When trying to log in, a user must provide two or more forms of verification to access certain services, accounts or platforms.
Essentially, MFA asks a user to prove that they are who they say they are.
Microsoft asserts that: “Based on studies, your account is more than 99.9% less likely to be compromised if you use multi-factor authentication.”
It’s well worth your consideration then!
There are three main types of authentication:
Knowledge Factors – something the user KNOWS, such as a password or PIN.
Possession Factors – something the user HAS, such as a mobile phone.
Inherence Factors – something the user IS. For this, they might have to use a fingerprint, hand, or thumbprint. Other inherence recognition features could be voice or facial recognition. Obviously, a user would require certain hardware to make this type of authentication possible, and it may also negatively impact the end-user experience if it takes too long to do.
There are further, lesser-used authentication factors that some businesses employ. One of these is known as a location factor, which requires geolocation checks to confirm the location of a user before log-in is permitted.
A further example is a behavioural authentication factor. This one is based upon unique user behaviours exhibited when a user interacts with a certain device.
Bill Gates predicted the death of the password at a conference in 2004, saying:
“There is no doubt that over time, people are going to rely less and less on passwords. People use the same password on different systems, they write them down and they just don’t meet the challenge for anything you really want to secure.”
He was right.
A password alone is, these days, not considered sufficiently secure for business use. Passwords can be easily guessed and are more susceptible to brute force attacks. Therefore it’s common practice to have at least two authentication factors in use.
Each authentication factor has its own strengths and vulnerabilities, so combining them adds more cohesive security layers to your login process. Which factors you select is largely down to your business requirements (and your preferences).
There are various ways of setting MFA up from least secure to most secure, but you also have to consider convenience. How much is this going to disrupt your end-user and what are you comfortable with from a security perspective?
You’ll need to work out what is suitable for your business and consider what is also fit for purpose. If you’ve got a low-value app that you want to provide access for, four-factor authentication is going to be overkill.
But if you’re looking at something more financially focused, you’re probably going to want to put more authentication factors in place.
Just make sure you weigh up the risk level vs the impact on the end-user.
MFA has many benefits.
Enhanced security: This is the most obvious benefit of multi-factor authentication. By asking users to provide multiple credentials at login, you’re reducing the chances of hackers accessing your systems.
This has become increasingly important with the rise in remote working. Cybercriminals can more easily gain system access when workers are remote, so it’s more important than ever to make sure your business is protected.
Easy implementation: MFA costs little to nothing to implement, depending on your requirements. If you’re already using Microsoft Azure Active Directory, you can likely access MFA for no added cost.
Compliance with data protection laws and regulations: MFA implementation is often a key requirement for data protection compliance, and will also provide reassurance to customers that data security is front of mind in your organisation.
Flexibility of set-up: While there are many types of user authentication on offer, you can select which is the best approach for your business. You can tailor your set-up to suit the logistical, end-user and security needs of the business.
Compliance with your Single Sign-On (SSO) solution: Your MFA solution can work hand-in-hand with your SSO. This means your team doesn’t have to waste time on (and struggle to remember!) multiple passwords when logging into an MFA-protected system.
MFA services are offered by the big cloud providers. Both Microsoft and Google have their own MFA license options.
With Microsoft, there are multiple ways to enable Azure AD multi-factor authentication for your Azure Active Directory users based on the licenses that your business owns. Basic multi-factor authentication features are available to Microsoft 365 and Azure Active Directory users and global administrators for no extra cost.
MFA should be a core element of your Identity and Access Management Policy, so it’s well worth doing – and doing right.
Is your user authentication secure? Stadia can design and implement an MFA solution to meet your security requirements without inconveniencing your users.
Call us today.
The post What is Multi-Factor Authentication (MFA)? appeared first on SCG - Stadia Consulting Group.