Friday, September 28, 2018

Word of the Day: multifactor authentication (MFA)

Word of the Day WhatIs.com
Daily updates on the latest technology terms | September 28, 2018
multifactor authentication (MFA)

Multifactor authentication (MFA) is a security system that requires more than one method of authentication from independent categories of credentials to verify the user's identity for a login or other transaction.

Multifactor authentication combines two or more independent credentials: what the user knows (password), what the user has (security token) and what the user is (biometric verification). The goal of MFA is to create a layered defense and make it more difficult for an unauthorized person to access a target such as a physical location, computing device, network or database. If one factor is compromised or broken, the attacker still has at least one more barrier to breach before successfully breaking into the target.

Typical MFA scenarios include:

  • Swiping a card and entering a PIN.
  • Logging into a website and being requested to enter an additional one-time password (OTP) that the website's authentication server sends to the requester's phone or email address.
  • Downloading a VPN client with a valid digital certificate and logging into the VPN before being granted access to a network.
  • Swiping a card, scanning a fingerprint and answering a security question.
  • Attaching a USB hardware token to a desktop that generates a one-time passcode and using the one-time passcode to log into a VPN client.

Background

One of the largest problems with traditional user ID and password login is the need to maintain a password database. Whether encrypted or not, if the database is captured it provides an attacker with a source to verify his guesses at speeds limited only by his hardware resources. Given enough time, a captured password database will fall.

As processing speeds of CPUs have increased, brute force attacks have become a real threat. Further developments like GPGPU password cracking and rainbow tables have provided similar advantages for attackers. GPGPU cracking, for example, can produce more than 500,000,000 passwords per second, even on lower end gaming hardware. Depending on the particular software, rainbow tables can be used to crack 14-character alphanumeric passwords in about 160 seconds. Now purpose-built FPGA cards, like those used by security agencies, offer ten times that performance at a minuscule fraction of GPU power draw. A password database alone doesn't stand a chance against such methods when it is a real target of interest.

In the past, MFA systems typically relied upon two-factor authentication. Increasingly, vendors are using the label "multifactor" to describe any authentication scheme that requires more than one identity credential. Continue reading...

Quote of the Day

 

"Although not foolproof, the use of multi-factor authentication schemes can greatly reduce the chances of account compromise." - Craig Young

Learning Center

 

State Department data breach exposes employee info
A State Department data breach compromised the agency's unclassified email system and led to the exposure of employee data and one expert said the issue may have been a lack of multi-factor authentication.

Pros and cons of a multi-factor authentication mobile app
A multi-factor authentication mobile app is more secure than an app that relies solely on passwords. Determine the pros and cons before an implementation.

What are some useful multifactor authentication examples?
Our expert explains multifactor authentication examples in healthcare settings and looks at why this technology is useful for protecting patient data.

How to manage multi-factor authentication for Office 365
MFA is a layered approach to security that exceeds the traditional username/password method. Here's how to manage multi-factor authentication for Office 365.

Explore two major user authentication methods
Biometric and multifactor authentication may be better than traditional user authentication methods, but neither approach to identity management is perfect. Review the benefits and pitfalls to discover which option works for your organization.

Quiz Yourself

 
The credit union website uses two-factor authentication to protect _____ members.
a. their
b. its

Answer

Stay in Touch

 
For feedback about any of our definitions or to suggest a new definition, please contact me at: mrouse@techtarget.com

Visit the Word of the Day Archives and catch up on what you've missed!

FOLLOW US

TwitterRSS
About This E-Newsletter
This e-newsletter is published by the TechTarget network. To unsubscribe from Whatis.com, click here. Please note, this will not affect any other subscriptions you have signed up for.
TechTarget

TechTarget, Whatis, 275 Grove Street, Newton, MA 02466. Contact: webmaster@techtarget.com

Copyright 2018 TechTarget. All rights reserved.

No comments: