What is Multi-Factor Authentication (MFA)?
MFA is a security process in which a user is required to provide two or more authentication factors in order to access a system or service.
What is MFA?
Multi-factor authentication (MFA) is a security process in which a user is required to provide two or more authentication factors in order to access a system or service.
A technology which infects your computer with malicious software
A process which determines what level of permission you have once authenticated
A process which requires a single factor of authentication in order to access a system
A process which requires two or more factors of authentication in order to access a system
Is the following statement True or False:
MFA makes it more difficult for cyber criminals to gain access to systems
MFA enforces multiple forms of authentication. Because of this, cyber criminals can't log in to services you use, even if they guess or obtain your password through other means. They need to capture the secondary form of authentication, which is typically something you have or something you are.
True
False
Types of MFA
There are several types of MFA, which can be broadly classified into three categories:
Something you know
This type of authentication factor requires the user to provide something that only they know, such as a password or a PIN. This is the most common type of authentication factor and is often used as the first layer of protection.
Something you have
This type of authentication factor requires the user to have possession of something, such as a security token or a smartphone. This type of authentication factor can be used to provide an additional layer of security and can be especially useful for protecting against unauthorised access when the user is not physically present.
Something you are
This type of authentication factor is based on the user's physical characteristics, such as their fingerprint, face, or voice. This type of authentication factor can be used to provide an additional layer of security and can be especially useful for protecting against unauthorised access when the user is not physically present.
Which of the following is NOT a type of MFA?
Somewhere you are is commonly referred to as a contextual access control but not an MFA type. This is because it's something that can typically be spoofed by an attacker. For example, if a geo-restriction is placed on a service so only people from Australia can log in, an attacker can simply use a VPN to bypass this.
Something you have
Something you are
Somewhere you are
Something you know
Diving into the types of MFA
Not all MFA types and protocols are made equal. Over the next few pages we'll deep-dive into the various MFA types, the supported methods and discuss their strengths and weaknesses.
MFA best practices: Something you know
A password is commonly used to demonstrate something you know. A benefit to passwords is that they're widely accepted and easy to use. However, attackers can guess, crack or steal passwords through social manipulation.
MFA best practices: Something you have
A One-Time-Password (OTP) is a common form of authentication for something you have. While it sounds simple, there are a variety of different forms for delivering these OTPs:
SMS-based OTP
SMS-based OTPs are widely available and can be used with almost any mobile phone. However, disadvantages include reliability and security: SMS messages may be delayed, and they can potentially be intercepted by attackers through a SIM-swap attack. SMS OTP is generally considered the weakest way of proving something you have.
Software-based OTP
Software-based OTPs are widely available, customisable and secure. However, the downside is that they require continued access to your phone or device. If you lose the device storing your token, you may have trouble gaining access to your accounts.
Physical OTP
Physical OTPs involve a dedicated physical device, such as a security token or a key fob, as an additional authentication factor. An advantage of this method is that it's highly secure and durable. However, some downsides include inconvenience to users, compatibility with systems and the capital expenditure associated with buying physical tokens.
MFA best practices: Something you are
Something you are typically refers to biometric authentication factors that use physical or behavioural characteristics of an individual to authenticate their identity.
Fingerprint
A fingerprint is a unique physical characteristic that can be used for authentication. Fingerprint authentication is generally considered to be the most accurate and secure. However, fingerprint authentication may not be suitable for individuals with medical conditions or disabilities that affect the fingerprint, and it may not be convenient.
Facial recognition
Facial recognition uses AI to analyse the unique features of an individual's face to authenticate their identity. Facial recognition is generally considered to be fast and convenient. However, facial recognition may be less accurate and secure for individuals with certain physical characteristics, such as those who wear glasses or have facial hair.
Voice recognition
Voice recognition uses AI to analyse and compare the unique characteristics of an individual's voice to authenticate their identity. Voice recognition is generally considered to be convenient and easy to use. However, it may be less accurate and secure for individuals with accents or speech impairments.
What is the most secure way of proving something you are?
While voice and facial recognition are useful methods of proving who you are, they are not the most secure as they are prone to inaccuracies which may lead to an attacker spoofing your voice or face. A fingerprint is generally considered to be the most accurate and secure method. A password is something you know, not something you are.
Voice recognition
Password
Fingerprint
Facial recognition
What is the WEAKEST way of proving something you have?
SMS-based One-Time-Passwords (OTPs) are generally considered the weakest way of proving something you have. This is because SMS OTPs can be intercepted through a popularised attack called SIM-swapping. The more secure methods for this type of authentication are to use software or physical OTPs.
Mythological One-Time-Password
Physical One-Time-Password
SMS-based One-Time-Password
Software-based One-Time-Password
Wrapping up
While there are a variety of different types of authentication and multiple methods within each, implementing at least two types will help to significantly reduce the likelihood of cyber criminals compromising your online accounts.