Multi-Factor Authentication

The Question

What are some use case scenarios for multi-factor authentication (MFA)?

What are the positives of using MFA?

What are some of MFA’s weaknesses, if any?

Web Server Authentication:

Hundreds of thousands of emails, if not millions, have been leaked over the years.

The email itself might not be able to do too much damage, but it is a starting place when someone is trying to steal your Facebook, Twitter, or Instagram account.

But thanks to MFA, you need not worry about changing all your emails every time a massive leak happens.

You should still use strong passwords: upper and lower case with special characters, at least 8 characters long, and not having anything to do with your life or your family members' lives.

But with MFA, when someone tries to log in again, only you could have the ever-changing code.

Web services authentication:

Logging into a service like Google Docs, where I am sure you have very confidential information, is much more secure with MFA.

Or, if you are a fan of MMORPGs, I am sure your account has been hacked at least once on games like WoW or RuneScape; then you added MFA and it never happened again.

There is no possibility of brute-forcing the account or simply having an email sent.

This does take a little longer, though, and you must carry around a device, be it a stand-alone device or your phone.

Enhance RADIUS or Active Directory Identity Stores:

Logging into a system remotely is scary enough as it is. You are worried about man-in-the-middle attacks, shoulder surfing, and the possibility that the system logging in is already infected because of the user.

While multi-factor authentication (MFA) cannot stop all of this, it could stop someone from logging in with a compromised password.

Instead of smoothly entering the server, they will be asked for a code that only the owner would have.

MFA Weakness

MFA might be extraordinarily strong and can stop people from just logging into your account.

It is not perfect, however; a few ways around it involve social engineering.

One is calling the phone company and convincing them that the caller is you, so that your phone service is switched over to them.

This will only work if you have the code texted to you. It can be avoided by using a software application like Google Authenticator instead of receiving the code by text.

They can also call you and pretend to be a company that needs the code that was just texted to your phone, for maintenance or something similar.

While you might think this does not work, it works more often than you would know!

In conclusion:

MFA should be a part of a layered defense, as all things in security should be.

A strong understanding of social engineering is your first and best defense.

Next comes a strong password, as mentioned before: upper and lower case with special characters, at least 8 characters long, and not having anything to do with your life or your family members’ lives.

In this case, MFA used properly with a standalone device or software application will be your last line of defense, and one you should never have to worry about.

Education is your best friend; attacks are always changing, but with these fundamentals you should be much safer than you were.
