What is Multi-factor Authentication?
Optimizing user experience comes in many shapes and forms, so when it comes to security, users want to know that their credentials are safe from any third-party cybercriminals. Multi-factor authentication is a combination of two or more independent credentials that establish a multi-layered security defense against unauthorized access.
Multi-factor authentication tackles the problem where a password isn’t enough to protect a device, network, database or secured location. A 2017 Verizon Data Breach Investigations Report [1] found that 81% of hacking-related breaches were enabled by weak or stolen passwords and that 75% of these breaches are executed by third-party outsiders.
In hopes of keeping private credentials safeguarded against hackers, multi-factor authentication and two-factor authentication have become the regular login procedure for popular consumer applications like Gmail, Facebook, and Twitter. But how does multi-factor authentication enhance security, and what is the difference between authentication and verification? Let’s dive into specifics.
What is multi-factor authentication and why is it important?
The digital age has made us more dependent on smart technology than ever before. From our classrooms and offices to our pockets and kitchen counters, our devices either go where we go or are stationed at our most frequented spaces. Our phones, computers, emails, and social media accounts all require passcodes for authorized entry, but sometimes those passwords aren’t sufficient.
People tend to gravitate toward easy passwords unless forcefully prompted to include numbers, capitalizations, and special characters. In addition to creating incredibly simple and hackable passwords, researchers at Virginia Tech University and Dashlane analysts found that 52% of consumers use the same password for a number of different services [2]. This means that if a hacker breaks through one account, accessing many others is then effortless.
Multi-factor authentication is the extra step needed after entering a password. This comes in a number of familiar forms you may not have even realized were multi-factor authentications. Single-factor authentication is the simplest of digital verification systems and has proven to be the most hackable. With the number of maliciously resourceful cybercriminals on the rise, multi-factor authentication has been on a steady and justified rise.
What are popular multi-factor authentication examples?
There are five different authentication factors that are enforced to strengthen identity verification; inherence, knowledge, possession, location, and time factors.
Inherence
Inherence factors require user biological traits to confirm authorized login. Facial recognition inherence authentication was one of the defining features of the Apple iPhone X. Fingerprint scanning is another common biometric authentication example found on computers, smart devices, and door locks. Other methods include voice recognition, retina, and iris scans.
Knowledge
Characterized by specific information known to a user, knowledge factors include usernames, passwords, PINs, and secret answers to security questions. This could be a debit card PIN number, or a complex password to access an email account.
Possession
Possession factors are tangible forms of login or entry credentials. A fob used to enter a building, a SIM card to access a wireless network, or an employee ID card are all common examples of possession factors.
Location
Smart devices are built with integrated GPS devices that understand your most frequented areas, so when an unauthorized person attempts to access your Facebook account from across the globe, you receive a notification for suspicious activity. So simply using your protected devices in your most frequented areas is an authentication factor.
Time
Typically referred to as a fourth factor, time is another background element that serves as an authentication factor. For example, completing a grocery shop in your local store will process as normal with your bank debit card, but if those same card credentials are used in France 20 minutes later, your bank will flag that attempt as fraud. It’s these logical security locks that help protect consumers from online bank scams.
Depending on what protected system you’re trying to access, the authentication factors will vary greatly. For example, a tenant living in a digital-secure building may need to enter a numerical code in addition to scanning a fob in order to enter their apartment. This would be considered a combination of a knowledge factor and a possession factor.
How does multi-factor authentication enhance security?
As per Verizon's Data Breach Investigations Report, the number of data breaches achieved by weak, hackable passwords has been on an alarming trend upward over the past three years. Multi-factor authentication aims to move away from simple single-factor authentication and complicate a hacker’s attempt to break in.
Multi-factor authentication enhances security by using confidential information only the original user knows. Beyond 7-character passwords, multi-factor authentication uses a number of authentication elements that supplement an otherwise unreliably simple log-in procedure.
In essence, unless the hacker has access to a fob, a PIN, or knows the answers to personal security questions, multi-factors provide necessary layers of security to prevent future breaches.
What is the future for multi-factor authentication?
Proving to be an excellent solution for business and individual users, multi-factor authentication’s future is a bright one. Financial institutions that offer online banking have already incorporated this fine-tuned security feature into their log-in process.
Popular consumer apps like Venmo and Paypal ask for additional information to supplement password entry. This step in the right direction will only benefit users and larger companies in the long-run and protect them against hackers.
One-time use tokens and time-based tokens have grown in popularity as well, and will likely continue to spread across the web. One-time-use tokens are used when logging in and to send a unique code to a phone via SMS or a unique link via email. These are common for password resets and identity verification processing.
Time-based tokens like Google Authenticator ensure that even if a user’s password is compromised, a hacker will still be barred from access because a time-based one-time password changes every 30 to 60 seconds.
At HP®, we aim to provide consumers with the highest grade of security to keep computers and tablets protected from unauthorized harm. HP SimplePass Fingerprint Reader utilizes inherence authentication factors to guarantee you, and only you can gain entry into your HP ENVY or HP Spectre laptop. Safety, guaranteed.
[1] Verizon, Data Breach Investigations Report
[2] Dashlane, Dashlane Uncovers Troubling Password Patterns
