In IT security circles, there is a common school of thought that you must accept some risk when protecting your environment. Try as you may, vulnerabilities will always exist. However, adding layers of security components allows you to drastically reduce the risk of a compromise. Multi-factor authentication does just that: it provides extra layers of security components to impede malicious access attempts on your environment and elevates your overall security posture.

 

What is Multi-Factor Authentication?

Multi-factor authentication (MFA) is a security augmentation strategy that uses a layered approach in the authentication process. The idea is that an end-user must verify their identity with two or more methods before authenticating into an environment.

 

Basic Authentication Versus Multi-Factor Authentication

Basic Authentication or legacy authentication processes only require a single method (username and password) to authenticate to an environment. While this was an effective security measure in years past, it is no longer a practical measure of security unless coupled with additional layers of authentication.  

Multi-factor authentication often starts from basic authentication and then compounds it, prompting for additional security tiers that aim to prove a user is who they say they are when attempting to enter an environment.

Examples of MFA:

MFA is composed of four distinct components to prove identity in the authentication process:

Something you know

This can be a password, PIN, or a prompted security question such as:

  • What is your mother’s maiden name?  

  • What city were you born in?  

  • What was your high school mascot?  

Something you have

This component authenticates a user through verification methods such as a smartphone, the Microsoft Authenticator app, a FIDO2 key, or even a certificate.

Something you are

This component verifies a person by leveraging biometric technology such as facial recognition software, fingerprint readers, or even voice recognition software.


Somewhere you are

A newer component of MFA, this validates whether a person is in a trusted location such as your home or office. If a user is in a location that is atypical or impossible based on their prior login, the user may be blocked from the environment or asked to provide other forms of authentication.
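One way to implement the location check described above, as an added example that is not part of the original article. The speed ceiling, trusted radius, user name, coordinates and sign-in records are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_SPEED_KMH = 900.0     # assumption: roughly airliner cruise speed
TRUSTED_RADIUS_KM = 50.0  # assumption: also used as geolocation tolerance

@dataclass(frozen=True)
class SignIn:
    user: str
    when: datetime
    lat: float
    lon: float

def distance_km(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def evaluate(prev, cur, trusted):
    """Return 'allow', 'step_up' or 'block' for the current sign-in."""
    if prev is not None:
        km = distance_km(prev.lat, prev.lon, cur.lat, cur.lon)
        hours = (cur.when - prev.when).total_seconds() / 3600
        # Impossible: distance cannot be covered in the time since the prior login.
        if km > TRUSTED_RADIUS_KM and (hours <= 0 or km / hours > MAX_SPEED_KMH):
            return "block"
    if any(distance_km(cur.lat, cur.lon, t_lat, t_lon) <= TRUSTED_RADIUS_KM for t_lat, t_lon in trusted):
        return "allow"
    return "step_up"  # atypical location: ask for another form of authentication

def review(events, trusted):
    """Walk sign-ins in time order; a blocked sign-in never becomes the baseline."""
    last, decisions = {}, []
    for ev in sorted(events, key=lambda e: e.when):
        decision = evaluate(last.get(ev.user), ev, trusted)
        decisions.append(decision)
        if decision != "block":
            last[ev.user] = ev
    return decisions

# Constructed sample data: one trusted office (Atlanta) and three sign-ins.
TRUSTED = [(33.749, -84.388)]
SAMPLE = [
    SignIn("user1", datetime(2024, 1, 8, 9, 0), 33.749, -84.388),   # Atlanta
    SignIn("user1", datetime(2024, 1, 8, 9, 30), 51.507, -0.128),   # London, 30 min later
    SignIn("user1", datetime(2024, 1, 9, 9, 0), 41.878, -87.630),   # Chicago, next day
]

if __name__ == "__main__":
    print(review(SAMPLE, TRUSTED))
```

Coordinates derived from IP addresses are approximate, so in practice the tolerance and speed ceiling need tuning against your own sign-in data.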

 

Establishing MFA for Your Business:

When establishing MFA for a business, begin by taking inventory of the circumstances of your environment. Start with the low-hanging fruit. For instance, do you have on-prem assets, cloud assets, or both? Use this as a launching pad to determine which software will fit best with your environment. If you’re in the Microsoft ecosystem and your source of truth is in Active Directory (on-premises) or Azure Active Directory, continuing with Microsoft programs is likely your best bet. If you are using an alternative identity ecosystem such as PING, then leveraging PING’s MFA solution could be a better fit. The bottom line is that MFA can work with any program your ecosystem supports.  

Next, determine which methods of MFA are best for your business. The common choice is to establish MFA using an authenticator app on a cell phone. The “something you have” component can be set up to run in the back end of your MFA architecture. If you already have highly intelligent systems like Azure AD, authentication methods like security questions or confirmation emails can be easily prompted.  

Next, move on to the more complex questions. Determine whether it is realistic to deploy the Microsoft Authenticator app (or equivalent tool) throughout your business. If it is realistic, then identify scenarios where you are unable to use the Microsoft Authenticator app. Ascertain in which scenarios you’ll need to deploy FIDO2 keys or certificates. By following these steps, you’ll position your group to confidently roll out MFA to end users.

 

Common Threats That MFA Obstructs

MFA can help protect your identities against attacks such as phishing, man-in-the-middle (MITM), and password spraying. MFA’s additional layer of security spoils the intentions of cybercriminals by making it difficult to authenticate beyond username and password.

 

Conclusion

In today’s cyber landscape, multi-factor authentication is a must. If you have not already prepared to establish MFA for your business, now is the time to do so: the safety of your digital identities depends on it. If there are any questions about the process of securing your identities using MFA, please reach out to our team. We’ll see you on the other side!

 

 


 



Demetrius Cooper is Mobile Mentor’s Digital Identity lead. He has over 11 years of industry experience with a predominant focus on digital identity. A Chicago native, Demetrius lives and works in Atlanta, GA.