MFA can help make your organization more secure. Tom Merritt lists five things you need to know about multi-factor authentication.
You need to know about multi-factor authentication (MFA), or as a lot of other folks call it two-factor authentication. Whether it's two or more, multiple factors of authentication make you more secure. What are the options? What are the factors you can use to authenticate? Here are five things to know about MFA.
- Knowledge. The old "something you know," such as your password or PIN. This is the one most of you already know and use, but maybe don't love. This factor type also includes those security questions that ask you what your first pet's name was or what street you grew up on.
- Possession. Something you have. This can be a USB key, a smart card, even an ATM card or an access badge. It also includes that code you get by text message and the one-time password authenticator apps from Google, Microsoft, Authy and others.
- Inherence. That's a fancy way of saying something you are. This includes your face, retina, voice, iris or fingerprint. There are also some options for behavioral analysis such as surfing patterns, mouse use or typing patterns among others.
- Location. Somewhere you are. This one is probably the least frequently used. It can be GPS or a connection to a specific network, among other things. This one depends on other security that ensures only the right people are there or on other network security that keeps bad actors off the network.
- Adaptive authentication. It looks at location, time, device and network among other data to estimate risk and adapt the security accordingly. If you always log in at the same time on the same network from the same computer at the same location, your login will speed along, because it's not unusual. However, if your account is being accessed from a different country than you are usually in, on a device the system has never seen from an IP address it doesn't recognize in the middle of the night, the security barrier goes way up.
MFA--it's not the law, but I almost think you should act like it is. Now you know your options for using it and implementing it. I hope that factors into you making a secure decision.
Subscribe to TechRepublic Top 5 on YouTube for all the latest tech advice for business pros from Tom Merritt.
- How to become a cybersecurity pro: A cheat sheet (TechRepublic)
- Social engineering: A cheat sheet for business professionals (free PDF) (TechRepublic)
- Shadow IT policy (TechRepublic Premium)
- Online security 101: Tips for protecting your privacy from hackers and spies (ZDNet)
- Tom Merritt's Top 5 series (TechRepublic on Flipboard)