Multi-factor authentication has become quite popular in recent memory. Not long ago, if you mentioned any login method other than just a name and a password to log into a site, or an application, it was often met with bewildered stares. Now, multi-factor has finally gained recognition that it can effectively help protect apps and services from unauthorized access.
Is Popularity Good?
Of course, just because something is in popular usage, does not necessarily mean that everyone likes it. Many people question the efficacy of multi-factor authentication, albeit misinformed, they wonder why it has done little to combat all the newsworthy breaches. Others consider it a great nuisance, preferring to stay perpetually logged in, rather than having to repeat the login process. This is easily remedied with forced logoff mechanisms, but since the use of multi-factor is still mostly voluntary, that does nothing to speed multi-factor adoption.
What is the best multi-factor authentication solution?
The question I often hear is “what is the best multi-factor authentication solution?” Danna Bethlehem, Identity and Access Management Director at Thales says, ‘Ultimately, there are many factors that need to be taken into account among them, endpoint device, user’s location, the type of application being accessed, the role of the user, the sensitivity of the data – all these factors shape the optimal type of authentication that will be required.
Options Make the Job Easier
Most modern multi-factor solutions offer numerous ways to satisfy the login process. Historically, the login code was delivered via text message to a registered cell phone. While this method has been shown to not be the most secure, it is still in use in most systems. Some people are just so accustomed to using text-based methods, that they do not want to try anything else. In this way, multi-factor authentication solutions can meet the person where they are to achieve the goal, and the benefit outweighs the risk. Another method for the second-factor delivery is to send a voice message to a registered phone number. This works well for someone who prefers a voice call, or the rare person who does not have a cell phone. A desk phone can receive the call as well.
Using Authenticator Applications
There are also authenticator applications that can be used for multi-factor. These are quite versatile, as they can send a notification to the phone, requesting a simple acknowledgement to complete the login process. Authenticator applications will also display a one-time code that changes after a set time limit. Most authenticator applications will work with many of the multi-factor systems. This means that you can use one application for different logins, reducing clutter on your cell phone.
While it may seem that the authenticator applications are the most convenient way to complete a multi-factor login sequence, some people are suspicious of installing any application on a personal phone to log into a company resource. They fear that their employer is spying on them through the application. There is no sense debating this with a reluctant person. Rather, the original multi-factor option of issuing a physical password token is still an option offered by all multi-factor providers.
Physical Tokens Are Everywhere
The thought of carrying a physical token seems so old, as to make some wonder if password technology, and the entire multi-factor initiative is moving backwards, rather than blazing boldly into the future. Yet, when carefully considered, whether it’s a smartphone, a small-form-factor device, or any other authenticator token, they are all a secondary object that is required to complete the login flow. This is where the past, can truly meet the future.
A Passwordless Future
For years, people have been trying to find a “passwordless login” solution. We are now on the brink of that reality through the efforts of The FIDO Alliance. Through a combination of public key cryptography and the possession of a broad choice of personal devices, the login process can be transformed into a new and exciting, and even more secure passwordless future. As FIDO progresses, the new FIDO2 standard promises to take this initiative even further.
As with all things in security, there is no universal solution. Fortunately, multi-factor manufacturers have gone to great lengths to offer many options. As the industry continues to move forward, newer inventions are promising to make the authentication process even easier. All of these options should significantly reduce the time it takes to make the selection that best suits your organization. If only all security solutions were this easy!
To take your knowledge further take a peek at Cybersecurity’s Best Loved Books by Zoë Rose.