Why MFA is Stronger than Two-Factor Authentication
We’ve long understood the need for multifactor authentication (MFA) solutions that decrease our reliance on passwords alone for network access control. MFA requires a combination of verification factors, such as a password or PIN along with a security token, mobile app or biometric identifier. Two-factor authentication (2FA) has been required in many industries for years, but there is growing support for systems requiring all three factors.
Although 2FA enhances security by reducing reliance on weak passwords, it is far from impenetrable. Consider the notorious 2020 Twitter hack. A group of teenagers used social engineering tactics to bypass the social media giant’s 2FA controls to steal $120,000 in Bitcoin. They also took temporary control of accounts belonging to 130 high-profile users, including Barack Obama, Joe Biden, Elon Musk, Bill Gates, Jeff Bezos, Kanye West and Kim Kardashian.
Here are three common ways 2FA solutions can be compromised:
- SIM hijacking. Getting a one-time code on your smartphone is the most common second authentication factor. However, hackers can use social engineering techniques to persuade your cellular provider to activate your phone number on a SIM card in their possession. They can then intercept verification codes sent to your device.
- Man-in-the-middle attacks. Criminals use phishing kits to capture authentication codes in transit from online services. The kits allow hackers to deploy counterfeit websites that mirror the live content of the target website. They can then extract credentials and codes before forwarding requests and responses between the two parties in real time.
- Public Wi-Fi. Using free public Wi-Fi networks increases the risk that your data could be intercepted. Hackers often create rogue networks to launch man-in-the-middle attacks and hijack computing sessions. Any passwords or verification codes the user sends or receives become visible to the intruder.
The MFA Advantage
MFA offers more protection by requiring additional verification factors. It’s the functional equivalent of adding extra locks on a door — it adds layers of security that make it more likely hackers will simply give up and look for an easier target.
In addition to passwords and phone authentication techniques, MFA solutions frequently use authentication applications such as Cisco Duo and Google Authenticator as third factors. The apps are installed on mobile phones and generate real-time codes that change every 30 seconds. This method is more secure than a text message because it eliminates the possibility of the code being intercepted in a man-in-the-middle attack.
Push notifications and hardware tokens are other commonly used factors. Push notifications sent to the user’s device alert them that an authentication attempt is taking place, allowing users to approve or deny access. Tokens generate one-time codes based on a cryptographic key stored inside the device.
Tokens are generally very secure since they have no Internet connections, but they can be difficult to use. Additionally, if a security token is lost or stolen, an unauthorized user may be able to access sensitive information.
The “Adaptive” Approach
To relieve the burden on users, many organizations are adopting “adaptive” MFA solutions that authenticate users based on behavioral and contextual factors such as location, device status and user behavior. Using machine learning, adaptive authentication can detect subtle changes in the way a password is typed, the way a mouse is moved, or even how users pinch, zoom and swipe the screen on a mobile device — behaviors that are virtually impossible to replicate. If suspicious behavior is detected, the user could be required to use another form of authentication.
Passwords alone are no longer sufficient for authenticating users. Nearly three-quarters of all confirmed network intrusions involve weak, default or stolen passwords. While two-factor authentication enhances security, MFA adds layers of protection that are much tougher to defeat. Contact us to learn more about implementing MFA for your organization.