What is Multi-Factor Authentication (MFA)?
MFA is a security process in which a user is required to provide two or more authentication factors in order to access a system or service.
What is MFA?
Multi-factor authentication (MFA) is a security process in which a user is required to provide two or more authentication factors in order to access a system or service.
A technology that infects your computer with malicious software.
A process that determines what level of permission you have once authenticated.
A process that requires a single authentication factor in order to access a system.
A process that requires two or more factors of authentication in order to access a system.
Is the following statement True or False:
MFA makes it more difficult for cyber criminals to gain access to systems.
MFA enforces multiple forms of authentication. Because of this, cyber criminals can't log in to services you use, even if they guess or obtain your password through other means. They need to capture the secondary form of authentication, which is typically something you have or something you are.
True
False
Types of MFA
There are several types of MFA, which can be broadly classified into three categories:
Something you know
This type of authentication factor requires the user to provide something that only they know, such as a password or a PIN. This is the most common type of authentication factor and is often used as the first layer of protection.
Something you have
This type of authentication factor requires the user to have possession of something, such as a security token or a smartphone. This type of authentication factor can be used to provide an additional layer of security and can be especially useful for protecting against unauthorized access when the user is not physically present.
Something you are
This type of authentication factor is based on the user's physical characteristics, such as their fingerprint, face, or voice. This type of authentication factor can be used to provide an additional layer of security and can be especially useful for protecting against unauthorized access when the user is not physically present.
Which of the following is NOT a type of MFA?
"Somewhere you are" is commonly referred to as a contextual access control, but it is not an MFA type. This is because it's something that can typically be spoofed by an attacker. For example, if a geo-restriction is placed on a service so only people from Australia can log in, an attacker can simply use a VPN to bypass this.
Something you know.
Something you have.
Somewhere you are.
Something you are.
Diving into the types of MFA
Not all MFA types and protocols are created equal. Over the next few pages we'll deep-dive into the various MFA types and their supported methods, and discuss their strengths and weaknesses.
MFA best practices: Something you know
A password is commonly used to demonstrate something you know. A benefit to passwords is that they're widely accepted and easy to use. However, attackers can guess, crack, or steal passwords through social manipulation.
MFA best practices: Something you have
A One-Time-Password (OTP) is a common form of authentication for something you have. While it sounds simple, there are a variety of different forms for delivering these OTPs:
SMS-based OTP
Software-based OTP
Physical OTP
SMS-based OTPs are widely available and can be used with almost any mobile phone. However, some disadvantages include reliability and security, as SMS messages may be delayed and can potentially be intercepted by attackers through a SIM-swap attack. SMS OTP is generally considered the weakest way of proving something you have.
Software-based OTPs are widely available, customisable and secure. However, the downside is that they require continued access to your phone or device. If you lose the device storing your token, you may have trouble gaining access to your accounts.
Physical OTPs involve a dedicated physical device, such as a security token or a key fob, as an additional authentication factor. An advantage of this method is that it's highly secure and durable. However, some downsides include inconvenience to users, compatibility with systems, and the capital expenditure associated with buying physical tokens.
MFA best practices: Something you are
"Something you are" typically refers to biometric authentication factors that use physical or behavioural characteristics of an individual to authenticate their identity.
Fingerprint
Facial recognition
Voice recognition
A fingerprint is a unique physical characteristic that can be used for authentication. Fingerprint authentication is generally considered to be the most accurate and secure. However, fingerprint authentication may not be suitable for individuals with medical conditions or disabilities that affect the fingerprint, and it may not be convenient.
Facial recognition uses AI to analyze the unique features of an individual's face to authenticate their identity. Facial recognition is generally considered to be fast and convenient. However, facial recognition may be less accurate and secure for individuals with certain physical characteristics, such as those who wear glasses or have facial hair.
Voice recognition uses AI to analyze and compare the unique characteristics of an individual's voice to authenticate their identity. Voice recognition is generally considered to be convenient and easy to use. However, it may be less accurate and secure for individuals with accents or speech impairments.
What is the most secure way of proving something you are?
While voice and facial recognition are useful methods of proving who you are, they are not the most secure as they are prone to inaccuracies, which may lead to an attacker spoofing your voice or face. A fingerprint is generally considered to be the most accurate and secure method. A password is something you know, not something you are.
Voice recognition.
Password.
Fingerprint.
Facial recognition.
What is the WEAKEST way of proving something you have?
SMS-based One-Time-Passwords (OTPs) are generally considered the weakest way of proving something you have. This is because SMS OTPs can be intercepted through a popularised attack called SIM swapping. The more secure methods for this type of authentication are software or physical OTPs.
Physical One-Time-Password.
Software-based One-Time-Password.
Mythological One-Time-Password.
SMS-based One-Time-Password.
Wrapping up
While there are a variety of different types of authentication and multiple methods within each, implementing at least two types will help to significantly reduce the likelihood of cyber criminals compromising your online accounts.