Multi-Factor Authentication
Definition
Multi-Factor Authentication refers to any supplemental methods of user validation by which the user is required to provide additional information to substantiate their claims of authenticity. This is separate from backup authentication, such as password and username recovery services.
The Good Reasons To Implement Multi-Factor Authentication
There are many reasonable arguments to support the integration of MFA into your web service design, but the additional layer of security that it provides is by far the most convincing. The proper implementation of an MFA system can significantly reduce the number of users that are vulnerable to malicious impersonation.
In addition to the security argument for MFA, there are additional benefits that have been observed. The first of these additional benefits is the reduction in fraudulent account creation as most methods of MFA significantly increase the time it takes to create a new account. The second of these benefits is the inherent peace of mind it can provide for your users, as it helps to ensure that their accounts are more secure. Lastly, MFA can provide a secondary method of backup authentication in the event of total account failure; This step should never be automated.
The Bad Reasons To Implement Multi-Factor Authentication
Some web services will implement MFA with malicious intentions. These intentions can lead to several consequences. Examples have been included below to help you understand why and how these implementations are used.
MFA is often used as a form of user-data collection by social media platforms. This is done to aid in verifying user identity for the purposes of assigning marketing campaigns, or to increase the value of these profiles so that they may be sold to another party.
MFA is occasionally used by oppressive government regimes to track their users. This is also done to profile their citizens in order to restrict access to government services.
Malware is also occasionally distributed through MFA systems for mobile services. This can be relatively benign, such as a mobile authentication app mining digital currency in the background. Or this can take a more serious approach by compromising the user’s device and allowing it to be remotely exploited.
Methods For Implementing Multi-Factor Authentication
The final part of this article will be discussing some common methods for multi-factor authentication and each of their benefits and weaknesses. MFA implementations can vary significantly, but they can typically be put into one of the following categories: what you have, what you know, where you are, and what you are. A list of MFA methods has been included below.
-
- SMS – Where you are/What you have This is a processes of MFA by which a web service will send an automated SMS message to a cellular device. This message will contain a password which must be entered in addition to your normal login credentials in order to authenticate with the web service.
Benefits Provides an additional layer of security. Has a high level of accessibility. Is able to be automated.
Detriments Is unencrypted. Is broadcast to a large area. Is vulnerable to SMS based attacks such as sim-spoofing.
-
- EMAIL – What you know This is a processes of MFA by which a web service will send an automated Email message to a cellular device. This message will typically contain a password, or hyperlink with an embedded password, that can be used to authenticate with the web service.
Benefits Provides an additional layer of security. Has a high level of accessibility. Is able to be automated.
Detriments Is typically unencrypted. Is easily falsifiable. Is vulnerable to email server exploits.
-
- BIOMETRIC – What you are This is a processes of MFA by which a physical presence is required for authentication. This is seen more with physical security services, but some web services will also implement forms of this. Biometrics rely upon physical characteristics of the user. Examples such as fingerprint scanning, retina imaging, and voice activation are common.
Benefits Provides an additional layer of security. Has a low rate of access. Lots of industry options for equipment.
Detriments It is exceptionally difficult to change your bio-metric information. Long setup times. Most bio-metric sensors can be readily fooled or bypassed.
-
- KEYCARD – What you have This is a process of MFA by which a physical object, in addition to a username and password, is used to authenticate with a web service. The physical object is typically a keycard with an encryption key or extra password stored on it. Government organizations and large corporations often use this form of MFA as it resembles physical security and is thus easier to manage.
Benefits Provides an additional layer of security. Easy to regulate. Requires physical control of the keycard.
Detriments Requires physical control of the keycard. The keycard can be physically stolen. More expensive than other methods.