What is multifactor authentication?

What is multifactor authentication and when is it appropriate to use it


Account protection with the help of one factor – a complex password – ceased to be reliable about two decades ago. Therefore, network users are recommended to use additional protection factors. Moreover, it is now possible to choose the best option according to your needs, price and quality.

The pandemic has left its mark on many spheres of social life, and remote work has become a trend: once the favored format of IT companies, it is now common in web and marketing studios, educational resources, call centers and other enterprises where 80-90% of tasks are carried out on computers. The catch is that the home PCs on which employees most often continue to work remotely need the same protection as corporate devices, where appropriate software can be installed.

To avoid leaks of corporate information, IT corporations such as Google and Facebook have long made it mandatory for members of the organization to enable multi-factor authentication (MFA), specifically with the help of tokens. Why not follow their example?

In this article, we will consider what multifactor authentication is, how it works, its advantages and disadvantages, and what options exist for enabling it.

Definition of MFA


Multi-factor authentication is an extended verification that an account belongs to the user, which involves more than one factor. The factors are:

  • knowledge factor – information known to the subject: PIN code, password, control word, answer to a secret question;
  • possession factor – a thing owned by the user: phone, tablet, PC, security token, smart card;
  • property factor – biological characteristics of the subject: fingerprint or palm, iris, voice, face.

Often, multifactor authentication (MFA) is used in the meaning of two-factor authentication (2FA), which is not a mistake.

The advantages of multifactor authentication come down to cybersecurity:

  • additional protection against unauthorized access to confidential or corporate information;
  • safe conduct of banking operations;
  • confidence in data security on servers.

The disadvantages of MFA include the difficulty of use for untrained users. Many simply do not understand why they should use multifactor authentication (we will return to this question a little later). Therefore, unfortunately, the prevalence of this security method is currently at the level of 10%.

How multifactor authentication works


The principle of operation of multifactor authentication is that when the user logs in to the operating system or to any account, the service requests confirmation of identity with the help of additional factors available to the user.

Examples of multifactor authentication:

  • confirmation of identity with the help of a one-time password (OTP), which can be sent by the service to the user in several ways: via SMS, mail, application, or token;
  • performing an action on an additional device: pressing the confirmation button, entering a code, speaking a phrase, connecting a USB key, scanning a fingerprint.

Different platforms support different types of multifactor authentication. As a rule, after logging into the account, they can be selected and configured in the “Security” tab.

When it is appropriate to use multi-factor authentication


As we mentioned at the beginning of the article, multifactor authentication has long been used by IT companies not only as a recommendation, but also as a mandatory measure for remote workers. However, we want to pay special attention to cases when MFA is necessary for business, especially when remote employees need to connect to a workstation via RDP (remote desktop protocol, implemented using Microsoft Remote Desktop) or VNC, TeamViewer and other programs.

After all, if attackers get access to the administrator’s account, they can do serious harm:

  • send letters to the database on behalf of your organization;
  • seize developments, strategic plans, other intellectual property and sell it to competitors;
  • encrypt all the company’s files in order to demand a ransom in the future.

To protect access via RDP, we recommend the following methods:

  • Close RDP access for external IP addresses, leaving the connection option only for the IP addresses of employees. For dynamic IP addresses of home networks, it is possible to create “white lists” by subnet.
  • Provide an additional level of protection: multifactor authentication for RDP or for all employees logging in to accounts from other devices.
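
An added example (not from the original article) of auditing the allowlist approach above: it sorts RDP logons by whether the source address falls inside the allowed subnets and counts how many addresses the allowlist admits. The log format, addresses and function names are constructed for illustration; event ID 4624 with logon type 10 is the Windows record of a Remote Desktop logon.

```python
import ipaddress

# Constructed allowlist: one office egress address plus one employee's
# home ISP range (dynamic address, so the whole subnet is allowed).
ALLOWED = [ipaddress.ip_network(n) for n in ("192.0.2.10/32", "198.51.100.0/24")]

# Constructed sample export: timestamp,event_id,logon_type,user,source_ip
SAMPLE = """\
2024-05-01T08:12:03Z,4624,10,alice,198.51.100.37
2024-05-01T08:15:40Z,4624,10,bob,192.0.2.10
2024-05-01T09:02:11Z,4624,10,admin,203.0.113.99
2024-05-01T09:05:00Z,4624,2,carol,-
2024-05-01T09:30:25Z,4624,10,alice,198.51.100.200
"""

def rdp_logons(text):
    """Yield (timestamp, user, source) for Remote Desktop logons only."""
    for line in text.splitlines():
        ts, event_id, logon_type, user, src = line.split(",")
        if event_id == "4624" and logon_type == "10":
            yield ts, user, src

def classify(text, allowed):
    """Split RDP logons into (inside, outside) the allowlisted subnets."""
    inside, outside = [], []
    for record in rdp_logons(text):
        try:
            ip = ipaddress.ip_address(record[2])
        except ValueError:
            outside.append(record)  # unparseable source: treat as not allowed
            continue
        (inside if any(ip in net for net in allowed) else outside).append(record)
    return inside, outside

def exposure(allowed):
    """Number of distinct addresses the allowlist lets through."""
    return sum(net.num_addresses for net in allowed)

if __name__ == "__main__":
    inside, outside = classify(SAMPLE, ALLOWED)
    for ts, user, src in outside:
        print(f"RDP logon outside allowlist: {ts} {user} from {src}")
    print(f"allowlist admits {exposure(ALLOWED)} addresses")
```

Both logons for alice pass, although they come from two different addresses in the same home ISP range: a subnet entry admits every host in that range, which is why the list above pairs the allowlist with MFA.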

When multi-factor authentication is appropriate can also be seen from the table:

| Degree of risk | Example of use | Authentication methods |
|---|---|---|
| Low – the consequences of hacking will lead to minor damage | New registration on the site of a separate user | It is enough to use a complex multiple-use password |
| Medium – in case of password theft, the damage will be noticeable, but not critical | The subject’s use of banking or accounts in online stores tied to bank cards | Additional protection in the form of two-step or two-factor authentication is required |
| High – leakage of information can lead to colossal negative consequences | Conducting large interbank operations by financiers | Multi-factor authentication is required |

Reliability of multifactor authentication


Unfortunately, multifactor authentication is not 100% secure in all cases, as much depends on the choice of authentication methods and the safety of the primary password.

We covered how to protect your password from theft last time. Now we will discuss the reliability and convenience of additional authentication methods:

  • SMS and e-mail passwords may be intercepted; they may also be inconvenient if the code has to be entered on the same device where the message arrived, since not all users can deal with tabs;
  • a voice call to a mobile phone is not very reliable, as criminals can order a duplicate SIM card and receive calls on it; moreover, an unexpectedly loud ring may be disruptive if you log in at work, in a co-working space or at home at night, and conversely the voice notification may not be heard in a noisy place;
  • applications that generate one-time passwords (OTP) every 30 seconds are a reliable factor, but they work correctly only when connected to the network; if you are connected to a shared Wi-Fi network, the reliability of the method is in doubt;
  • the “Yes, it’s me” confirmation button will not help if the device is lost;
  • tokens or hardware security keys are reliable, provided you use a certified product; unlike other authentication methods, they are even more convenient to use, especially if you choose a good manufacturer, for example, YubiKey;
  • biometric verification factors are reliable, provided that the devices work autonomously and do not transmit biometric data to the server, or send it only in encrypted form; otherwise the data can be stolen, just like passwords.

Each of the listed factors requires competent application. As a rule, you need to protect both passwords and devices that you can use for verification.

The exception is YubiKey hardware security keys, manufactured in Sweden and the USA, which are already supported by thousands of services. If they are stolen, criminals will still not be able to use them, especially the new YubiKey Bio, a FIDO key with a fingerprint scanner. It is not for nothing that YubiKey keys are preferred by users in 160 countries of the world!

To learn more about YubiKey security keys and their capabilities, contact our managers.
