Eskenzi PR Eskenzi PR
  • About Us
Tuesday, 20 April, 2021
IT Security Guru
Eskenzi PR
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Spotlight on Multi-factor Authentication

by The Gurus
March 4, 2016
in News
Share on FacebookShare on Twitter

With thousands of breaches happening every year, an often touted way of reducing the risk of corporate accounts and the like being compromised is through the implementation of multi-factor authentication (MFA). However it’s often not implemented, with a sort of ‘granny’s advice’ situation becoming apparent where good advice is readily available, yet we continue to ignore it. So what is MFA? Why would we want to deploy it? Is it a hard thing to get off the ground in an organisation? The Guru posed some questions on MFA to Chris Webber, Senior Director of Product Management at Centrify to help shed light on a measure that’s widely praised but rarely used.

  1. What is MFA and what are the forms of authentication companies can use in tandem to implement it?

MFA is Multi-factor Authentication, meaning that a given user has to present multiple “factors” to prove their identity.  These factors can be:
– Something you have – examples include: a physical card, a one-time–password token, or a smartphone, for example
– Something you know – examples include:  a PIN, a password, or the answer to a personal question
– Something you are – examples include: a fingerprint, a retina scan, your voice
We are most familiar with MFA when it comes to our personal finances.  In most of the world, we present our card (a thing we have) and a PIN (a thing we know) to approve a transaction, or withdraw cash.  Without the combination of both factors, we can’t access our money.
 

  1. Why is it important?

By requiring multiple factors for access – we make it much harder for attackers. Today, attackers have no problem compromising passwords – whether by social engineering tactics that trick folks into giving the password up, or by “brute-force” password cracking with powerful computers.
By including a second factor, like a smartphone, we make it much harder for these attackers. They might be able to steal a password, but unless they also have access to the specific smartphone that also belongs to a users, they can’t gain access. Again – much like the person that might know your financial PIN, but doesn’t have you card.
 

  1. Why is single factor authentication not enough?

Password-based security has failed. In 2014 billions of passwords were compromised. In 2015, millions more were added to that total.  It’s safe to say that the attackers have all of our passwords.  We need something more between them, and our sensitive data.
 

  1. Do you expect MFA to become an industry standard? Or is it to be a long struggle?

When you combine the advances in policy-based, adaptive, MFA, and the reality of recent data breach and compromised credentials, businesses have both the technology and the urgency to drive MFA in the near-term.
 

  1. What puts companies off implementing MFA?

MFA is not new, and security practitioners have long been calling for it.  But until now, it was costly and complex to implement, and was too much of a burden for average users, since it lacked contextual policy that only prompted for extra factors under appropriate circumstances.  Instead it was “all or nothing” and didn’t work well for most people.
 

  1. Is there a ‘good practice’ for the implementation of MFA?

Requiring multiple factors is the right thing to do – but if it’s too cumbersome, as it has been in the past, companies won’t adopt it.  The best practice is to allow easy access when it makes sense – when it’s a user we know, from a device we trust, on a network we recognize, for example.  But when we see a new device, or get an access request from a strange location or network, then it’s time to prompt for additional authentication.
This is “Adaptive authentication,” and security folks now have the ability to apply the right level of security, based on policy, across all users – without clunky dedicated hardware tokens, or constant user prompting.
 
So there you have it – you can take several approaches so cherry-pick the way it works best for you and make it happen! We’ve come a long way with this technology and there are many providers of MFA tools so if that’s what your organisation needs, there really isn’t much excuse. 

0 0 vote
Article Rating
FacebookTweetLinkedIn
Tags: AccessaccountapproveareAuthenticationBYODcardCentrifycodedevicefactorfingerprinthardwarehaveIDimplementknowMFAmulti-factor authenticationNetworknumberpasswordpinPolicyScansecuritySmartphoneSoftwaretokentransacion
ShareTweetShare
Previous Post

What's a Russian DDoS Booter Making for its Proprietors?

Next Post

Facebook: A new command and control HQ for mobile malware

Subscribe
Notify of
guest
guest
0 Comments
Inline Feedbacks
View all comments

Recent News

AT&T Cybersecurity Launches New Managed Endpoint Security Solution with SentinelOne

AT&T Cybersecurity Launches New Managed Endpoint Security Solution with SentinelOne

April 19, 2021
Dominos pizza

Domino’s India suffers data breach

April 19, 2021
whatsapp icon

Vulnerabilities found in older version of WhatsApp

April 19, 2021
Data Breach Cyber attack code

University of Hertfordshire suffers system outage due to cyberattack 

April 15, 2021

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

More information
wpDiscuz
0
0
Would love your thoughts, please comment.x
()
x
| Reply
Privacy Settings / PENDINGGDPR Compliance

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Accept