What is Multi-Factor Authentication? And, Why We ALL Need it!

Multi-factor authentication (MFA) adds security to online networks by requiring more than one form (factor) of identification. It improves network security because a stolen username and password are no longer enough, on their own, to log in.

In this article, we’re going to examine why businesses need to use MFA.

Mobile phones are often part of multi-factor authentication

The Problem

Though antivirus and firewall solutions are your first line of defence against cybercrime, their protection only reaches so far.

Cybercriminals make a career of accessing sensitive systems and databases. It’s a big business! Data of all kinds, from personal information to intellectual property, can be bought and sold on the dark web for huge sums of money.

But beyond choosing a strong password, what else can be done to verify a user’s identity? How can you make sure that you’re only granting access to authorised users?

User Passwords

Standard username and password logins are a very basic – and rather insecure – way of verifying a user’s identity.

Company email addresses can be easily found online, and many of us have them as our usernames. If a hacker has yours, they need just one ‘authentication factor’ to access your data: your password.

Though passwords are far from useless, they can be surprisingly easy for cybercriminals to compromise, especially if you use bad passwords.

Hackers may use automated ‘password spraying’ to force entry, or hack into a victim’s email account and steal any login credentials stored there in plain text.

Nowadays, particularly sensitive systems need something a little stronger.

What is Two-Factor Authentication (2FA)?

Two-factor authentication is a computer access control mechanism whereby two pieces of identifying information (factors) are required before user access is granted, rather than just one.

By supplementing your entry security with an additional factor, you instantly make logging into your systems more secure. Even if a hacker has a legitimate username and password, they’re still stuck without access to the additional factor.

2FA is commonly used in conjunction with password-protected logins to provide a second layer of assurance that the person logging in is the person they claim to be. Most of us encounter it when logging in to online banking.

Using two-factor authentication, identity can be verified using any two of the following:

  • Something the user knows, like a username, password, security question/answer, or PIN.
  • Something the user owns, like a smartphone (via a notification or text), hardware token, or pin pad.
  • Something inherent about the user, like a fingerprint, retina scan, or voice recognition.
  • The user’s location, only allowing access to those in certain physical locations, or using specific IP addresses.
  • A time-bound verification, only allowing entry to those authenticating within a certain time window.

How Secure is 2FA?

That really depends on the two factors that are chosen.

Something like a fingerprint or voice recognition system is far more secure than a mere SMS text or email containing a verification code in plain text.

Why?

Because phones and email inboxes can be compromised. If your additional security factor isn’t provided through a strongly encrypted channel or isn’t reliant on something biometric, a particularly determined hacker could potentially access both factors.

For example, if a login to a sensitive system or database relies on an email address, a password, and an SMS verification code, a hacker could potentially find the person’s email address online, hack their password, and also hack into their phone to see their text messages.

However, if another encrypted factor were to be introduced (or indeed if the text message were replaced with something more secure), the chances of the system being hacked become exponentially more remote.

For two-factor authentication, choosing secure authentication factors is essential. But you can take access control security even further with MFA.

Why is Multi-Factor Authentication (MFA) Better than 2FA?

Multi-factor authentication is a computer access control system where three or more identifying factors are needed to verify a user’s identity before entry is granted.

Factors can be any mixture of the examples listed above, though the more authentication factors you employ, the more roadblocks you put in the path of hackers.

It’s natural to want maximum protection, and technically you can have as many authentication factors as you like. However, you need to retain a certain level of practicality.

The more authentication methods you include, the more hoops your team will have to jump through every time they need access. If the MFA system becomes too cumbersome, they may start to resent it and try to find ways to circumvent it.

The biggest companies in the world use MFA to protect their systems, but even a small business can set it up quite easily.

What is the Best MFA Solution: WatchGuard AuthPoint

Though there are numerous excellent multi-factor authentication solutions on the market, the experts here at Just Firewalls recommend AuthPoint by WatchGuard.

It’s compatible with a vast array of systems, it provides numerous authentication options, and is remarkably easy to use. It also works seamlessly with other WatchGuard network security products.

How Does AuthPoint Work?

The AuthPoint system consists of a cloud-based control centre. Everyone who needs authentication installs the freely available WatchGuard AuthPoint app on their smartphone.

Each login uses multi-factor authentication and is recorded in the cloud platform, forming an auditable log of successful logins and unsuccessful attempts.

There are three ways (factors) to authenticate through the AuthPoint app:

  • Push Notifications – Sends a notification to the user’s mobile phone when a login attempt is made. This prompts the user to confirm or deny access through their phone. If a prompt appears when the user isn’t trying to do anything, they should deny access.
  • Time-Based One Time Pass Codes (OTPs) – This requires the user to open the app and retrieve a time-restricted 6-digit code.
  • QR Code Authentication – This requires the person to use the AuthPoint app to scan a unique QR code displayed on the PC screen.

The QR code method is the most secure in our estimation because a would-be hacker has to physically have your phone to scan the QR code.

How Secure is AuthPoint?

You may be wondering how secure it is to simply use a mobile app for MFA, and the answer is that it’s very effective.

When a user is set up on the AuthPoint system, the app takes a reading of the mobile device’s unique ‘DNA’ – meaning that that individual device can only be used to authenticate that individual user.

AuthPoint also offers legacy support for hardware tokens – physical authentication dongles and pin pads – though these are now falling out of common usage because they’re easy to mislay, and they often rely on older, hackable encryption technologies.

We’re naturally more protective of our phones, so we’re much less likely to leave them unattended or lose them.

What Can AuthPoint Protect?

AuthPoint can be used as an extra authentication step for most types of digital login.

It’s commonly used to authenticate access to third party applications like Office 365, G Suite, SalesForce, AWS, Harmony, and Citrix. However, you don’t have to stop there – you can use AuthPoint to authenticate access to your firewall, your VPN, even your PC!

Simply put, if a solution uses the SAML 2.0 authentication protocol, then you can almost certainly protect it with AuthPoint.

Armed with the free AuthPoint mobile app, your staff can even authenticate access to their personal logins, including the likes of Facebook, Gmail, PayPal, and Amazon.

Even though the authentication codes may sit side by side in their AuthPoint app, these additional credentials don’t come into contact with the organisation’s IT infrastructure in any way, so there are no data privacy concerns to worry about.

When employees leave the company, they’ll still be able to use the app for their personal logins, but you can easily remove them from accessing company assets.

Summary

Organisations of all shapes and sizes should be concerned about cybersecurity. Hackers are targeting smaller and smaller companies as they’re often softer, underprepared targets. Don’t become the next victim.

When used correctly, multi-factor authentication can give you remarkable peace of mind in the battle against hacking and phishing attempts.

If you’re interested in adding an extra layer of protection to your sensitive cloud services, databases, and other digital resources, ask us about AuthPoint. Enjoy secure access control for just 8p per user, per day – and if you have more than 50 users, it’s even less!

Speak to our team today on 0808 1644414 to discuss your authentication options and to claim your free cybersecurity health check.