The bad news is that hackers are getting more sophisticated in the techniques they use to launch cyber attacks against your company. A successful attack can cause serious expense and loss. The good news is that blocking these attacks does not have to be complex or expensive. By introducing multi-factor authentication into your security plan, you greatly improve your network security.
Multi-Factor Authentication, also known as MFA, is a method of confirming a user’s claimed identity. The user is only granted access after successfully presenting two or more forms of identity confirmation. These are called factors. Factors fall into the following main categories:
- Knowledge: This is the most commonly used authentication method. The user is required to provide a password, PIN, answer to a secret question, or other information that only they would know.
- Possession: This requires the user to present a physical factor such as a key or ID card that they have in their possession.
- Inherence: This is a unique physical characteristic of the user, also known as Biometric Authentication. Factors such as fingerprint, face or voice are the most common ways to uniquely authenticate the user’s identity.
- Location: The user is required to be at a specific location for access to be granted. This can be verified with the GPS technology that is built into most smartphones.
- Time: This factor can be used if access is only available during certain hours of the day, such as the user’s pre-defined work schedule. Time can also be used to limit how soon a system can be accessed from a second location. For example, if a bank account is accessed from the United States, an attempt to access it from Russia 15 minutes later will be blocked.
Because the old method of relying on a single password is so easily compromised by hackers, it is common to add a second layer of authentication. This is called Two-Factor Authentication, also known as 2FA. Since most users have a smartphone with them at all times, the phone is often used as the second factor of authentication. When the user attempts to sign in with a password, a unique identifying code is sent to that user’s smartphone. It can arrive through an app, an email or a text. The user then types that code into the system as the second factor. This proves that the user is indeed legitimate. If the hacker only has the password to the system they’re attempting to access, they would still need physical access to that user’s smartphone. The hacker would also need a fingerprint or PIN to even get into that smartphone to get the verification code. If the user knows the password and has physical access to the smartphone, it is assumed that they are the legitimate user. Many websites in banking, investments, and other industries that hold valuable or sensitive data require Two-Factor Authentication to access their systems. This ensures security for you and them.
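An added example, not part of the original article: one way a server could issue and check the code sent to the user’s smartphone in the sign-in flow described above. The class name, the 5-minute lifetime and the 5-attempt limit are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

CODE_TTL_SECONDS = 300   # assumed validity window for a sent code
MAX_ATTEMPTS = 5         # assumed limit on wrong guesses per code


def _digest(code: str, salt: bytes) -> bytes:
    # Keeps the plain code out of storage; the short lifetime and the
    # attempt limit are what actually stop guessing of a 6-digit value.
    return hashlib.sha256(salt + code.encode()).digest()


class SecondFactor:
    """Tracks one outstanding code per user (in memory, for illustration)."""

    def __init__(self):
        self._pending = {}  # user -> salt, hash, expiry time, failed attempts

    def issue(self, user: str, now: float) -> str:
        """Create a 6-digit code; the caller delivers it by app, email or text."""
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not random.random()
        salt = secrets.token_bytes(16)
        self._pending[user] = {"salt": salt, "hash": _digest(code, salt),
                               "expires": now + CODE_TTL_SECONDS, "attempts": 0}
        return code

    def verify(self, user: str, submitted: str, now: float) -> str:
        """Return 'ok', 'no_challenge', 'expired', 'locked' or 'wrong'."""
        entry = self._pending.get(user)
        if entry is None:
            return "no_challenge"
        if now > entry["expires"]:
            del self._pending[user]
            return "expired"
        if entry["attempts"] >= MAX_ATTEMPTS:
            return "locked"  # a new code must be issued after too many misses
        # Constant-time comparison avoids leaking how close a guess was.
        if hmac.compare_digest(_digest(submitted, entry["salt"]), entry["hash"]):
            del self._pending[user]  # single use: a replayed code finds no challenge
            return "ok"
        entry["attempts"] += 1
        return "wrong"
```

The caller passes in the current time, so expiry, replay and lockout can each be exercised without waiting on a real clock.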
Other common factors are fingerprint, face recognition and voice. With these biometric factors, the user touches, looks at, or speaks into the device to prove their unique identity. These are becoming more common as the technology gets better and less expensive. Newer technology uses retina and iris scans, finger veins, hand geometry, and even earlobe geometry as factors of verification.
With every additional factor that is required, the security gets stronger. If the user has to enter a password, submit their fingerprint, and enter a code sent to their smartphone, which must itself be at a GPS-verified location, it’s nearly impossible for the hacker to fool the system.
All of this can seem overwhelming to a user, but as the technology becomes smarter, users will adjust to the required factors. The most important thing is to understand what Multi-Factor Authentication is, why it is important, and how to implement it at your business. Many third-party IT companies can offer these solutions to secure your network. They will need to know what types of workflows you use at your business and who accesses which systems. They will also need to know your password policies and the other security protocols that are already in place.
Once Multi-Factor Authentication is implemented, all of the employees will need to be trained on the new process of accessing each system to ensure that business efficiency is maintained.
There are many other layers of security outside of Multi-Factor Authentication that are important for a stable, secure network. A network security assessment is the best way to document the status of all of these layers of security. The network security assessment is a way to identify all of your network security needs so that you can make a plan to address each of them in order of importance.