Multi-Factor Authentication (MFA) - Information Technology

Multi-Factor Authentication

Multi-factor authentication no that's something that's gaining popularity and well everyone sees is really important for security but what does that really mean what does that really do for us that you know a traditional login method like username and password that's not do know I know I've talked about this in the past before but that was sort of quite a limited level so today we're gonna delve further we're gonna take a closer look at what multi-factor authentication really means and how it's useful to us so yeah now first of all what is multi-factor authentication you've probably seen this before you know when you're logging into certain sites you get a message on your foot on that message there is this code which you then key in and that is sort of part of the login process to confirm it to you in certain cases you may even have to generate a code you know using your mobile phone or even a dongle like this one so the thing is well we get the idea that sort of we are authenticated in a different way but how does that help us to better understand this we're gonna have to delve into the fundamental concept behind authentication in the first place and let's start off with why we even need a password now here's you when you go to a website that has a username and a password you know for you to sign in on really what's happening that the idea is you're trying to identify yourself to the website by entering your username you are declaring that hey I am this bus it clearly that's not enough to sign you in right which is why they have a password a password is a way for you to prove that you are indeed that person you claim to be so the question then is why that's the password work Espoo the reason why this works is because it is a shared secret between you and the web service so you can see why this is sort of a fair assumption that you know if I sure that you are the only one who knows this piece of information and you can't present it to me it gives me some reassurance that you are who you claim to be of course we know that in many cases this is not true and well we can't see the problems of putting too much reliance on a password especially if it's one that you generate that is where multi-factor authentication actually comes into play having

The password is one factor and well by using other different kinds of factors we sort of get more and more solid proof that it is indeed you and not anyone else so of course the next question is what are these factors well we've just already taken a look at one and that is known as what you know the two other factors are what you have and what you up so let's take a closer look at what these terms actually mean what you have is pretty simple and while this seems to be you know a fairly new thing in fact this factor of authentication has been in use for many many years now you know how when you go to an ATM and you try to draw money you're gonna have to put in your ATM card into the reader that is in fact of what you have kind of authentication this is why losing your ATM PIN isn't the end of the world losing your ATM PIN doesn't mean someone's gonna be able to break into your bank account because you're gonna need to supply the ATM card as well of loss if you lose both then well that's a problem but the point is these are two different factors what you know that is your PIN and what you have that is your card a more modern example of a what you have kind of situation is of course having a dongle like this one this of course when I press a button it actually generates a little code and that's what I use to authenticate myself if you don't have a dongle you can still have an app on your phone that generates the code for you and a value that January is based on some kind of algorithm that is phat by some input that is unique to you the idea is if I'm able to give the correct response it proves that I have this device and the whole idea is only what you know the third one is the interesting one which is what you up these actually boil down to something unique about you know a person for example an iris scan or fingerprint scan there really isn't very much to explain about this I think it's fairly straightforward the idea is there is something biologically about you that is hot too you know duplicate and yet can uniquely identify you this makes a different factor other than you know what you have or what you know I would say this is one of these sort of newer ways of authenticating a user but it's getting more and more common now that we have fingerprint scanners on both phones and personal computers so now that we've come so far now that we've understood

The general idea behind multi-factor authentication let's compare a few different use cases and see whether one is more secure than the other now if you've been paying attention when I was talking about the ATM card example you realize that well going to an ATM to draw money you only supply two pieces of information that is well the card itself as well as your PIN number however when it comes to signing in to say Facebook where you enter a username a password and a security code that seems to be more secure right because I'm supplying three pieces of information well as it turns out no both of these are two-factor authentication methods let's delve deep at taking a look at what firstly what's different between the two clearly when you actually you know trying to draw money from an ATM you don't have to supply a username the ATM card both identifies you as well as proves something under the what you have category your PIN is what you know therefore that's you different factors yet you realize that when it comes to logging into Facebook it's exactly the same your username and password may look like two different pieces of information but ultimately they both fall under the same umbrella of what you know therefore even though we have two pieces of information here it really only covers one factor and that will has the safety of basically one factor the added factor comes from the code which well depends on the fact that you have your foot and therefore falls under the what you have category therefore from this point of view at least the two are equivalents they're both methods that involve two-factor authentication for those of you who play games you know if you steam you realize that now when you're trying to sell your trading cards you're gonna actually have to go over to your phone and confirm it what this means is if someone has hacked your account and tries to you know sell away your precious items well if they don't have your phone they cannot do it therefore this is two-factor authentication right you meet what you know to sign in as well as what you have that is your fault however there is actually a small problem with this actually sell cards from my phone itself and then authenticate it using the same device that is one key prerequisite of the what you have passed if the thing you have is not separate from the thing you use the key in the what you know information it defeats the purpose entirely I hope you can see why this is a problem you know if someone wants to sell your cards and they pick up your phone well they can do it anyway there is no separate factor of authentication of course I'm not saying the way Steam does things isn't secure Kerli there is a loophole there but well it does sort of mitigate the risk because that malicious entity still needs access to your physical food in order to do this a similar example is say I'm trying to log into some service they send a message to my thought and because my fort has some kind of notification mirroring service eventually the court gets mirrored to my computer again I hope you can see why this is a problem here you now no longer strictly meet to have my phone in order to actually log in and that creates a point of failure so then what is the best way to stay safe obviously to use all three factors at once it will be really cool if you know you went to an ATM and you put in your card you hit send your pin and you had to scan your fingerprint that I've cost things even safer because now you probably have to be physically there in order to draw money so you have just a few examples of when multi-factor authentication works and doesn't work hopefully this paints you know of in-depth and clear picture about how the whole idea behind multi-factor authentication actually operates but yeah that basically wraps it up...