Security

Tech

4 minute read

July 25, 2022

What is multi-factor authentication (MFA), and how is it set up?

Passwords are the most common method to authenticate a user and grant them access to an internal network or software. Typically, when you log onto a system, you simply enter your username and password to gain access.   

As remote working becomes commonplace and organisations increasingly use software hosted in the cloud, it’s more important than ever to only grant authenticated users access to your company’s network 

Passwords alone aren’t enough to prevent a malicious user from gaining access to networks and systems. Passwords can often be stolen or guessed, giving the attacker the same permissions as an authenticated user. Multi-factor authentication (MFA) is an incredibly effective way of preventing attackers from entering your network, stealing, damaging or leaking data or other business assets. 

What is multi-factor authentication (MFA)?  

Multi-factor authentication is a combination of authentication steps a user must take after entering a username and password. Other types of authentications a user may be asked for include: 

Something you know:  

  • PIN 
  • Password  
  • Answer to a personal security question
  • One-time password (OTP) code sent to your email address
  • One-time password (OTP) message sent to your phone number  

Something you have:  

  • Plugging in a physical key fob, FIDO key, or USB key  
  • Swiping your employee ID card, access badge or payment card against a reader (such as an NFC or contactless card reader)  

Something you are:  

  • Face recognition  
  • Voice recognition  
  • Behaviour detection 
  • Biometric fingerprint   

After successfully entering the multiple authentications needed, a user will be allowed access to a system, network, or software. Two-factor authentication (2FA) is often used interchangeably with MFA. Two-factor authentication requires just one form of authentication, after a username and password, so is often less secure than multiple layers of authenticity. 

Why is MFA important? 

Setting up MFA on your organisation’s networks, software and systems will provide an added layer of protection against cyber attacks. If one layer of authentication breaks, a malicious actor will still have multiple barriers to break before they can reach the target.  

When there is no way to differentiate between a legitimate user and a malicious one, attackers can pretend to be a user by:  

  • Entering passwords from data that has been leaked or stolen  
  • Socially engineering account details from users, such as phishing  
  • Password spraying by trying to log into user accounts using commonly used passwords 

According to Microsoft, MFA, which requires users to authenticate with at least two factors, can reduce the risk of identity compromise by as much as 99.9% over passwords alone. Setting up MFA is relatively simple to do. 

Can MFA be passwordless? 

You may have heard of passwordless solutions concerning multi-factor authentication. Passwordless involves using multi-factor authentication, in which none of the methods of authentication include a password. This means your MFA process isn’t at risk of password-related attacks, as your software isn’t linked to any passwords.   

Ideally, this means that your users also don’t need to remember any passwords. Instead, you can use something you have, such as a known device, physical security token or key card, and something you are, such as biometrics. Passwordless solutions remove the risk of passwords being forgotten, lost, stolen or leaked.

How to set up multi-factor authentication 

The extra factor of authentication that you choose will depend on the software or service you are using. Some services or software may not allow your preference of authenticator, so it’s important to consider which solutions work for your users and services. 

Some software enables the use of an authenticator app, for example, a protocol called FIDO2/WebauthN, which provides a one-time password (OTP) as an extra layer of defence. The user must log into the app, which generates a new code every minute to prevent the same password from being used multiple times. The user will enter the code into the software sign-in to gain access. 

You may want to use a physical extra factor that asks the user to unlock the key before use. Or simply prove its possession. Physical keys can include FIDO security keys, YubiKey or Feitian allpass. 

You can also use an OTP token, which is essentially a physical version of an authenticator app. These physical devices generate a cryptographic key which you can use to authenticate your identity on your end device via USB, Bluetooth, or NFC. 

ZTS products

How we can support your organisation to set up MFA 

Zero Trust Solutions provide passwordless solutions, FIDO keys, and OTP devices that add extra layers of security to all your eligible software and devices. Setting up MFA and enabling it on all your services is one step on the way to a Zero Trust Architecture.  

Our consultancy and solutions enable your organisation to reduce the risk of cyber attacks and ensure that only authorised users are allowed access to your systems, software, services, and networks.   

Reach out to us today if you would like to find out more.

Other top insights

Blog Post Link

Webinar

On demand

Fireside Chat

Live: March 2023 | Now on demand below...

October 19, 2023

Replay: Fireside Chat with Chase Cunningham - How businesses can benefit from a Zero Trust strategy?

View webinar

Blog Post Link

Webinar

On demand

demo

Live: 10th October 2023 | Now on demand below...

October 12, 2023

Demo Replay: To ZT, how do you Ziti?

View webinar

Blog Post Link

Webinar

Date: 10th October 2023 - 4pm UK Time / 11am EST 

October 6, 2023

Demo: To ZT, how do you Ziti?

View webinar