
Strengthening the Magic of Passwords with Multifactor Authentication

Using a password means repeating something you typed in the past to identify yourself in the future, but ill-intentioned actors can obtain passwords with increasing ease. Technology came to the rescue, sort of.

Impersonating users online is only a guess away if only a password protects assets and information. As a result, most online service suppliers came up with two-factor authentication.

This means using a second method, in addition to the password, to ensure that the user really is that specific person and not a scammer, according to a report by the Cybersecurity and Infrastructure Security Agency (CISA).

There are three common ways to identify someone online, according to CISA: by something that is known, like a PIN or password; something that is owned, like a key or telephone; or something that the user is, like her face, voice or fingerprint.

Two-factor authentication (2FA) means using two of these factors and multifactor authentication (MFA) implies more than two of these. For example, a USB security key, more than one password and facial recognition.

There’s one point to consider in this, as “levels of trust” can be made more flexible. For example, once a first login happens from a new device, subsequent attempts to access may require fewer proofs of identity, going from multifactor to lower levels of security.

Still, this is a race where security is always tested for vulnerabilities. And with time, some factors beyond passwords have been compromised.

“Even with MFA enabled, however, there have been several high-profile compromises over the past couple of years where attackers were able to bypass traditional forms of MFA, such as SMS texts, authenticator apps, or push notifications,” said CISA Director Jen Easterly in a blog.

The agency is ringing the alarm over insufficient adoption of MFA.

“One top vendor reports that only about a quarter of their enterprise customers have enrolled in MFA. More significant is their report that only about one third of the system administrators of those organizations use MFA,” Easterly said in the blog.

A potentially hacked system administrator represents a special vulnerability, as this means many users could be compromised.

So it’s time for everybody, especially the 66% of administrators who haven’t done it yet, to celebrate Cyber Security Awareness Month with the establishment of more authentication factors in emails, social media and, especially, bank account and financial information websites. Halloween marks the end of October and, to avoid getting tricked by scary cyber criminals, it’s better to treat oneself with upgraded security.
