What Is Multi-Factor Authentication, and What Does It Have to Do with You?

4 years ago Zoë Rose

Security isn’t a simple matter of caring or spending time reading manuals or being told what you can or can’t do. Security is understanding how to view the world from a different perspective: instead of asking the functional question “does it work?”, you ask “how can I break it?” In our personal lives, the question is “how can someone misuse this?”, be it our social media pictures, accounts, and so on. This is a skill that people build over time, and it’s completely appropriate to start out small. If you can do nothing else, consider the access to your accounts: professional, banking, and social media. Consider how hard a malicious actor needs to work to gain access to these. Then layer on restrictions to limit the likelihood.

What do I mean by “layering”? Consider someone looking to steal a vehicle.

  • A vehicle unlocked and parked on the street can easily be picked up in an opportunistic attack. This is how I would view an account with a poor or easily guessable password. This is because, whilst it may have a password, there are automated tools that can test a list of common passwords against it. If the account is found in a breach, the attacker may already know the password/username combination to use.
  • A vehicle that’s locked and parked on a quiet street, whilst still vulnerable, is more secure than the first. This is how I would view a secure password.
  • A vehicle that’s locked and stored in a secure garage requires knowledge and skill to steal. It also requires motivation for that specific vehicle. This is how I would view an account using a secure password and a second form of authentication.

What Is the Difference Between Two-Factor Authentication and Two-Step Verification?

To understand this, you need to understand what multi-factor is: something you have, something you know, and something you are. Those are the three separate pieces that together prove who you are. The more pieces that are used as validation, the lower the likelihood that someone else will be able to authenticate themselves as you. There are further options available, but these three are the most commonly used.

A form of multi-factor authentication is two-factor authentication, which requires only two of the following: something you know, something you have, and something you are.

Some examples of “something you know”:

  • Password/passphrase
  • Answer to a security question
  • PIN

Some examples of “something you have”:

  • SMS: Have you received SMS text messages containing a verification code? This is a form of multi-factor authentication! Whilst there are limitations on the security of this option, remember the car examples. It is better than no second piece.
  • App: There are many options out there, both paid (Duo, for example) and free (Authy/Google Authenticator). These apps give you two options after password entry: first, you can use them to generate a verification code for a synced account; and second, you can request a push notification, at which point you can ‘approve’ or ‘decline’ sign-in.
  • Physical token: If you have ever heard of YubiKey, it’s one of the most well-known forms of physical or hardware token-based authentication. Using this option, you enter a password and then plug in the device (or touch it to something) to authenticate yourself. Usually, your account has an additional option approved, such as an app or SMS, in case you lose the token.
  • Device: Apple and Google both provide options to ‘approve’ or ‘decline’ sign-in from devices already enrolled to do so after you have entered the password.

A few examples of “something you are”:

  • Fingerprint ID
  • Face ID
  • Voice ID

Two-step verification is similar to two-factor authentication. However, instead of using two different means of authentication, you make use of two pieces from the same category identified above. An example is entering two separate passwords: one needs to be validated as correct before the second password is requested, but they are both something you know.
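The distinction above can be checked mechanically when reviewing how accounts are protected. The following is an added example, not part of the original article: it maps each login step to one of the three categories and labels the flow. The method names and the sample accounts are assumptions constructed for illustration.

```python
# Added example: classify a login flow using the article's three categories.
# Method names are illustrative assumptions, not any vendor's identifiers.
FACTOR_CATEGORY = {
    "password": "know", "security_question": "know", "pin": "know",
    "sms_code": "have", "authenticator_app": "have",
    "hardware_token": "have", "enrolled_device": "have",
    "fingerprint": "are", "face": "are", "voice": "are",
}

def classify_login(steps):
    """Return (label, categories) for an ordered list of login steps."""
    unknown = [s for s in steps if s not in FACTOR_CATEGORY]
    if unknown:
        raise ValueError(f"unrecognised method(s): {unknown}")
    # Asking for the same method twice adds no new proof, so de-duplicate.
    distinct_steps = list(dict.fromkeys(steps))
    categories = sorted({FACTOR_CATEGORY[s] for s in distinct_steps})
    if not distinct_steps:
        label = "no authentication"
    elif len(distinct_steps) == 1:
        label = "single-factor"
    elif len(categories) == 1:
        # Several steps, but all from one category (e.g. two things you know).
        label = ("two-step verification" if len(distinct_steps) == 2
                 else "multi-step verification")
    elif len(categories) == 2:
        label = "two-factor authentication"
    else:
        label = "multi-factor authentication (three categories)"
    return label, categories

def audit(accounts):
    """Map account name -> label so same-category setups stand out."""
    return {name: classify_login(steps)[0] for name, steps in accounts.items()}

# Constructed sample data, not taken from any real system.
SAMPLE_ACCOUNTS = {
    "bank": ["password", "security_question"],
    "email": ["password", "authenticator_app"],
    "forum": ["password"],
    "work": ["password", "hardware_token", "fingerprint"],
}

if __name__ == "__main__":
    for name, label in audit(SAMPLE_ACCOUNTS).items():
        print(f"{name:6} {label}")
```

In the sample data, the "bank" account has two steps but only one category, so it is labelled two-step verification rather than two-factor authentication.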

Choosing the Right Option for Me

Oftentimes, I’m asked how to choose between the above options. I want to preface my advice with the fact that, even if not perfect, any additional form of authentication, be it SMS-based, multi-factor, or two-step verification, is a positive move forward.

  • Are you confident you can keep track of your devices and keep them up to date? You can choose whichever you prefer. That being said, app- and token-based are considered the industry standard.
  • Do you have a limited budget and expect to be changing between devices often? You may consider token or SMS-based, as from what I have seen, multi-device, app-based authentication may require a subscription.
  • Do you expect to be changing devices soon? Consider token- or SMS-based MFA. SMS isn’t as secure and there are known issues with it, but as a minimal added layer it does help, at least to give you time to change the password if it is found to be in a breach.
  • Do you struggle with keeping track of your devices? Both token- and app-based may not be the best solution for you (unless syncing is available in that app). Consider SMS-based, again, with the awareness of the limitations.

The above are just a few examples for personal and/or family use. There are additional considerations for individuals who want to choose what option is right for them. If you are an organization, it is your responsibility to provide industry-standard authentication to employees to help them protect their accounts, your infrastructure, and ultimately be a part of both the security and privacy program. If you’re an application provider, it is your responsibility to provide a variety of options for consumers – I would argue both by design and by default, at no additional cost.


Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.

The post “What Is Multi-Factor Authentication, and What Does It Have to Do with You?” appeared first on TripWire.

Source: TripWire – Zoë Rose
