Multi-factor authentication (MFA) is a multi-layered approach to security and is a core concept in identity and access management. MFA extends the traditional username and password combination and it can include additional hardware and even make use of biometric technology. With a minimum of two levels of security (2FA), even if the first level is breached, the second authentication layer provides additional peace of mind. MFA works on the basis of three factors namely: something you are (face or voice recognition, fingerprints etc), something you know (like a password, or your favorite color) and something you have (a smartphone or OTP).
The two terms multi-factor authentication and two-factor authentication are often used interchangeably. 2FA falls within the realm of MFA as multi-factor demands a minimum of 2 levels of security.
There are a number of different types of MFA available and in use in our daily lives. Here are some of the most common ones:
A security key falls under the category of passwordless hardware authentication as it makes use of a portable USB dongle that is registered to a specific user account. By inserting the key, the user can prove they are physically present.
Smart cards work with embedded memory chips that are capable of storing data. In order to read data from a smart card, it has to be inserted into a reader. Smart cards fall into two categories: contact and contactless. Contactless cards makes use of Near Field Communication (NFC) technology which allows for wireless connections.
Biometrics makes use of a person's physical attributes for authentication. Instead of providing a username for verification, there are a number of options available including fingerprint mapping, retina scanning and facial pr voice recognition.
Magnetic stripe cards transmit data via magnetic labels. Pertinent data is stored on the card using magnetic storage media. The card needs to be swiped through a magnetic card reader in order to access the data.
Security tokens (STOs) and mobile phones as authentication are relatively new in the world of authentication. Mobile devices embrace the "something you have" factor of MFA. A smart phone is able to generate a token using a key that is shared with an authentication system.
Challenge/response authentication mechanism (CRAM) involves a question/answer format. In order to be authenticated, a correct answer must be provided. The question or challenge can be static or dynamic. A common static example is the classic "I'm not a robot" declaration where a user simply selects a checkbox. A popular dynamic CRAM is CAPTCHA or the Completely Automated Public Turing Test to Tell Computers and Humans Apart. This often asks users to click and select various images that meet a certain condition, or they have to identify randomly generated characters.
Each USB device or key has a unique code, and by simply pressing a button on the key, this is translated as keystrokes and read by the browser. With a security key, someone wanting access needs to know the passcode and/or PIN and be in possession of the physical device -the key serves as the second factor in 2FA - thus a two-step verification process is enforced.
Security keys are available for different USB ports. A Security Key makes use of different protocols, the most popular being FIDO2. FIDO2 does away with passwords and shared secrets.
A key is programmed to work within a specific domain. When you insert the key into your USB port, a site that supports key authentication will prompt you to insert the key and tap the button.
The browser sends a challenge to the key which is then signed by the key using U2F. The challenge will be encrypted and the data will include the current browser name, making it that much harder to launch a phishing attack.
One of the largest names in security key technology is Swedish company Yubico. Founded in 2007, Yubico is an industry leader, providing security keys for most major online platforms.
While Google has its own Google Authenticator, Yubico has worked closely with them and other industry giants like Microsoft. Together they jointly developed the FIDO Universal 2nd Factor (U2F) and FIDO open authentication standards.
Yubico's revolutionary invention is the YubiKey. With a track record of exceptional resilience against attacks, the YubiKey is fast, and effective and it uses both USB and NFC. Users simply need to touch the device for access. The YubiKey is standalone without the need for batteries and it eliminates human error from the security equation. There are a number of options available to both the individual and large corporations, and you can contact Yubico for assistance in choosing the option that suits you and your needs best.
In an online world where there's always a risk of data being stolen or systems being hacked, you can never be too careful with security. Mitigate the risk of phishing and loss of data by incorporating a two or more factor authentication system. With the advancement of technology, you are spoilt for choice as to which systems you wish to implement according to your specific requirements and budget.