Why we use Multi-Factor Authentication and why you should too
Protecting our data online is increasingly important as more people are moving their sensitive information to the cloud. There’s a huge variety of security methods to choose from, but this doesn’t necessarily make the selection process any easier.
Today, we’ll take a look at a popular choice: multi-factor authentication (MFA). This is the security option we use ourselves, as it offers layered protection, among other benefits.
Let’s take a look at why you should consider MFA, its benefits, and the specific method and security applications we recommend.
So what are the benefits of multi-factor authentication?
The main benefit of MFA is pretty simple – a huge increase in security.
Measures like a time-based one-time password (TOTP) massively reduce the ability of hackers to access your data, even if they already have your password.
The different types of MFA also help tailor this security to you. You can choose the authentication methods that you prefer or that suit your circumstances best, while still staying as safe as any other person. Another simple benefit is that MFA is just a really easy way to make your data safer.
You aren’t going to have to complete a hundred tasks to unlock access to your own documents – there are just a couple of streamlined steps, personalised to you. The ease of using MFA means it’s also really simple to implement it in businesses.
Many people already use it in their personal lives, so it’s likely that your employees will take to it quickly. While we’re discussing its application within businesses, MFA also helps you stay compliant with various industry regulations on access to sensitive information.
So, the benefits are pretty straightforward. But why was MFA created in the first place?
Perhaps you’re still just using passwords to protect your information online. It’s the first and only step for a lot of people, especially on things that seem trivial and safe, like social media or shopping accounts. But unfortunately, passwords just aren’t as safe as they used to be. Data breaches that involve stolen or weak passwords are more common than ever, with the Verizon Data Breach Investigations Report stating that the share of these incidents had risen to 81% in 2017.
Multi-factor authentication was invented to try and regain a level of control over people’s security and information online. It creates a multi-layered defence that often utilises time-sensitive methods. This means hackers have more walls to break through when attempting to access your data, but also makes it a lot harder for them to fake or trick their way in.
Now we know what multi-factor authentication is in principle and the main benefits of using it. But we still haven’t looked at the different types of authentication you can use to build your layered security. Let’s briefly look at a few now. The types of MFA fall into three main categories: something you know, something you have, and something you are.
First let’s discuss ‘something you know’.
This is pretty self-explanatory. This type of protection could be anything like a PIN, a second password, answers to security questions, and so on. It’s basically anything you can remember and then do or repeat in the necessary circumstance. It is used in conjunction with the main account password to add that second layer of security. Most people will have encountered this type of security when accessing online banking using memorable data, or resetting passwords for services that require security questions to be answered first.
Secondly, ‘something you have’. This is simply any physical device, from a key to a USB drive. One of these devices can produce a time-based PIN or compute a response to a challenge number from a server. Many people find this type useful, as a physical ‘key’ can be reassuring, but there is also the risk of losing it.
Thirdly, and finally, is ‘something you are’. This can be any part of the human body used as a security device. Some examples of this type are: facial recognition, fingerprints, iris scanning, voice verification and more. You may have already experienced this type in modern smartphones.
Our favoured choice of MFA, as we’ve mentioned briefly, is TOTP.
A time-based one-time password is simply a unique, temporary passcode generated by an algorithm. Factors like the time of day are used in these codes to ensure that they are unique. Plus, you have a limited time in which to use the password, which can be as little as 30 seconds. Both of these properties make it much harder for hackers to access your information. This type of authentication is being used increasingly by cloud providers and other big businesses to protect their data. But you can actually use it for pretty much everything online – from your business emails to your personal social media accounts.
So how can you start using multi-factor authentication and methods like TOTP?
Well, as a starting point, we recommend the app Authy. It’s available on a huge variety of platforms, including iOS, Android, Chrome, macOS, and Windows. Authy uses the one-time passwords we’ve looked at above, and can easily be transferred between devices or recovered if you lose access to the original device. It can even generate these codes without cell or network connections, so you can log in whether you’re at home, or jetting off on a plane.
You may already be using a TOTP application such as Google Authenticator or Microsoft Authenticator. All of the TOTP applications work on the same principle and are actually interchangeable. However, Google Authenticator is bound to the device you set it up on, so if you lose that device you need to reset all your MFA codes. Authy lets you use encrypted backups in the cloud, which isn’t an option with other services like Google Authenticator. These backups mean you can access your Authy account even if you lose your phone, without having to manually transfer data. It just makes the whole process easier.
Multi-factor authentication is becoming increasingly popular, and it is definitely a security measure we support. We’ve looked briefly at what it is, the major benefits, and our preferred type. But, if you want to learn more, make sure you get in touch with us. Whether you want to learn more about how you can use MFA in your daily life, or you’re interested in finding out more about Authy or the other methods of authentication, we’re here to help, so just give us a call.