Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Thursday, 30 March, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Spotlight on Multi-factor Authentication

by The Gurus
March 4, 2016
in News
Share on FacebookShare on Twitter

With thousands of breaches happening every year, an often touted way of reducing the risk of corporate accounts and the like being compromised is through the implementation of multi-factor authentication (MFA). However it’s often not implemented, with a sort of ‘granny’s advice’ situation becoming apparent where good advice is readily available, yet we continue to ignore it. So what is MFA? Why would we want to deploy it? Is it a hard thing to get off the ground in an organisation? The Guru posed some questions on MFA to Chris Webber, Senior Director of Product Management at Centrify to help shed light on a measure that’s widely praised but rarely used.

  1. What is MFA and what are the forms of authentication companies can use in tandem to implement it?

MFA is Multi-factor Authentication, meaning that a given user has to present multiple “factors” to prove their identity.  These factors can be:
– Something you have – examples include: a physical card, a one-time–password token, or a smartphone, for example
– Something you know – examples include:  a PIN, a password, or the answer to a personal question
– Something you are – examples include: a fingerprint, a retina scan, your voice
We are most familiar with MFA when it comes to our personal finances.  In most of the world, we present our card (a thing we have) and a PIN (a thing we know) to approve a transaction, or withdraw cash.  Without the combination of both factors, we can’t access our money.
 

  1. Why is it important?

By requiring multiple factors for access – we make it much harder for attackers. Today, attackers have no problem compromising passwords – whether by social engineering tactics that trick folks into giving the password up, or by “brute-force” password cracking with powerful computers.
By including a second factor, like a smartphone, we make it much harder for these attackers. They might be able to steal a password, but unless they also have access to the specific smartphone that also belongs to a users, they can’t gain access. Again – much like the person that might know your financial PIN, but doesn’t have you card.
 

  1. Why is single factor authentication not enough?

Password-based security has failed. In 2014 billions of passwords were compromised. In 2015, millions more were added to that total.  It’s safe to say that the attackers have all of our passwords.  We need something more between them, and our sensitive data.
 

  1. Do you expect MFA to become an industry standard? Or is it to be a long struggle?

When you combine the advances in policy-based, adaptive, MFA, and the reality of recent data breach and compromised credentials, businesses have both the technology and the urgency to drive MFA in the near-term.
 

  1. What puts companies off implementing MFA?

MFA is not new, and security practitioners have long been calling for it.  But until now, it was costly and complex to implement, and was too much of a burden for average users, since it lacked contextual policy that only prompted for extra factors under appropriate circumstances.  Instead it was “all or nothing” and didn’t work well for most people.
 

  1. Is there a ‘good practice’ for the implementation of MFA?

Requiring multiple factors is the right thing to do – but if it’s too cumbersome, as it has been in the past, companies won’t adopt it.  The best practice is to allow easy access when it makes sense – when it’s a user we know, from a device we trust, on a network we recognize, for example.  But when we see a new device, or get an access request from a strange location or network, then it’s time to prompt for additional authentication.
This is “Adaptive authentication,” and security folks now have the ability to apply the right level of security, based on policy, across all users – without clunky dedicated hardware tokens, or constant user prompting.
 
So there you have it – you can take several approaches so cherry-pick the way it works best for you and make it happen! We’ve come a long way with this technology and there are many providers of MFA tools so if that’s what your organisation needs, there really isn’t much excuse. 

FacebookTweetLinkedIn
Tags: AccessaccountapproveareAuthenticationBYODcardCentrifycodedevicefactorfingerprinthardwarehaveIDimplementknowMFAmulti-factor authenticationNetworknumberpasswordpinPolicyScansecuritySmartphoneSoftwaretokentransacion
ShareTweetShare
Previous Post

What's a Russian DDoS Booter Making for its Proprietors?

Next Post

Facebook: A new command and control HQ for mobile malware

Recent News

cybersecurity training

Only 10% of workers remember all their cyber security training

March 30, 2023
Pie Chart, Purple

New API Report Shows 400% Increase in Attackers

March 29, 2023
Cato Networks delivers first CASB for instant visibility and control of cloud application data risk

Cato Networks Recognised as Leader in Single-Vendor SASE Quadrant Analysis

March 29, 2023
Outside of cinema with advertising

Back and Bigger Than Ever! The Inside Man Season 5 Takes a Stab at Power Hungry Adversaries

March 29, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information