3.9.1 Cybersecurity Tips: Multi-Factor Authentication
Multi-Factor Authentication
Introduction
To better protect your online accounts, it is essential not only to set up a strong password but also to require multiple forms of verification before access to your accounts is granted. This process is called Multi-Factor Authentication (MFA). MFA generally requires you to provide verification based on the device you have, the information you provide, and/or the biometric information you have.
What you need to know
MFA verification can utilize devices, authenticators (physical authenticators or authenticator applications), and biometrics. Each method adds a unique layer of security. For example, device-based authentication may involve a text message or phone call, while physical authenticators can use tokens or keys to authenticate. Biometrics, such as facial/voice recognition or fingerprint scanning, provide a robust way to confirm identity by relying on unique biological characteristics of the account holder.
What you should do
Device-based authentication includes text message authentication, phone call authentication, and email verification.
- Text message authentication: when you log in to your account, a one-time code is sent via text message to your registered phone number. You need to enter this code to verify the login activity.
- Phone call authentication: instead of a text, you receive a phone call with a code or confirmation prompt when you log in.
- Email verification: The one-time code is sent to your registered email instead of your phone.
Physical authentication includes authenticator apps or physical devices.
- Use an authentication device or app such as RSA SecurID, Duo Security, or Google Authenticator to generate a rotating series of verification codes specific to the linked account.
- Invest in physical tokens or keys such as YubiKey for a tangible way to protect sensitive accounts. These devices can authenticate via USB connection or use Bluetooth and near-field communication (NFC) for authentication.
Biometric authentication uses your unique physical traits to verify your identity. Some common methods include voice recognition, fingerprint and palm print scanning, iris or retina scanning, facial recognition, and DNA.
- Voice recognition: verify your identity through your voice pattern.
- Fingerprint and palm print scanning: verify your identity with the unique ridges of your fingerprint or palm print.
- Iris or retina scan: verify your identity with the intricate patterns of your eye.
- Facial recognition: verify your identity with your face through a camera.
- DNA: verify your identity using your DNA as a definitive form of identification in high-security environments.