Multi-Factor Authentication to Prevent Cyber Attacks

 

What is multi-factor authentication(MFA)?

Authentication is the process of identifying users those who request to access a system, network or a device and confirm that users are who they say they are. Multi-factor authentication(MFA) is the type of authentication that involves 2 or more verification factors to manage access. MFA is used used in diffrent applications, account logins, network access, VPNs etc. to authenticate user requests.

Why MFA is important?

In multi-factor authentication users are authenticated not simply based on usernames and passwords but based on several other factors.

"According to 2020 Verizon data breach investigation report(DBIR) 67% of data breaches were due to credential theft, errors, social attacks and 37% of credential theft breaches used stolen or weak credentials"

MFA reduces the risk of weak passwords and minimizes the likelihood of any cyber attack by increasing the difficulty of passing the login process and exploiting the user login credentials. Therefore MFA enhances the security of sytems, networks or data and protects them from cyber attacks.

"An article from Microsoft security states that MFA can prevent upto 99% of brute force attacks".

How multi-factor authentication works?

MFA is not simply based on usernames and passwords only, but use combination of several other authentication factors like OTPs, biometric factors, PIN codes etc.We can classify these factors into 3 main categories as follows and MFA uses combinations of  more than 2 of these factors.
  • What users know(knowledge) : These factors include things the users know and remembers by themselves.
             Eg:    Passwords
                       Personalized questions
  • What users have(possession) : This category consist of things that the users have with them.
            Eg:    One Time Password(OTP)
                      Smart cards
                      Software tokens/certificates
  • What users are(inherence) : These are factors that are inherent to each user.
            Eg:    Finger print
                      Face recognition/voice recognition
                      Iris/retina scanning

MFA uses factors we know,we have and we inherit

In addition now a days MFA combines with machine learning and Artificial Intelligence(AI) and has introduced more advanced MFA technologies like location based authentications and adaptive athentication.

Location based MFA:
This approach uses the geo location of user to authenticate the user. Location based MFA checks for users geo location and ip address and if the details are not matching, look for more factors to authenticate. User location details can be used with other factors like passwords, OTP, biometrics to confirm user identity.

Adaptive / Risk based authentication:
Adaptive athentication analyzes additional facts based on behaviour of user and the context before authenticating a user. This approach assigns a risk level for a login attempt based on factors like:
  • Location that users tries to login
  • Time of accessing(whether during work hours/off hours)
  • Type of network used(whether private/public)
  • The device used for accessing
The value of risk based on these factors will decide which level of authentication is needed to be provided for the user to get access to systems or data. Here any unusual attempt of accessing a system will trigger the need of MFA.
Adaptive authentication uses MFA based on the risk level of login attempt (Source: www.onelogin.com)

What attacks can be prevented using MFA?

Muti-factor authentication can be used to prevent and gain protection against many common cyber attacks like:
  • Phishing: 
Attackers sends phishing emails with links to fake sites to users asking them to enter their usernames and passwords to login.These attacks can be prevented by implementing combination of multiple factors for authentication as in MFA.
  • Brute force attacks:
Attackers try commonly used username, passwords combinations to access accounts or use programs to generate possible passwords. If we use MFA attackers cannot access systems or data even if they guess the passwords.
  • Keyloggers:
Attackers use devices or programs to track keystrokes on computer keyboards to get login credentials and security codes. MFA can be used to prevent harm from these attacks.

To summarize the facts, multi-factor authentication is used as an effetive security technique  rather than just using a password protection. A good combination of multi-factor authentication will reduce the risks of insecure passwords and protect the systems and data from cyber attacks.


References:

[1]    https://www.appknox.com/blog/what-authentication-method-to-choose-in-2020

[2]    https://searchsecurity.techtarget.com/feature/The-fundamentals-of-MFA-Multifactor-authentication-in-the-enterprise

[3]    https://www.onelogin.com/learn/what-is-mfa

[4]    https://www.onelogin.com/learn/mfa-types-of-cyber-attacks

[5]    https://www.impactmybiz.com/blog/benefits-of-multifactor-authentication

Comments

  1. Ruvy RathnayakeNovember 27, 2020 at 10:57 PM

    Nicely explained! What are the pros and cons as you have identified in those MFA types?

    ReplyDelete
    Replies
    1. Dilesha PereraNovember 28, 2020 at 9:44 AM

      Thank you Ruvishka.

      When it comes to MFA there are both advantages as well as disadvantages.
      The main advantage of MFA is the ability to provide high protection on data and systems. Specially when users try to access using different devices and locations. Biometric, location and risk based MFA methods can secure the data on a device even if it is being stolen or taken to a different location from the user.
      But MFA has some drawbacks when it comes to implementation because MFA can be costly and time consuming. MFA would not be suitable for a situation which needs quicker login because it takes some time to authenticate using factors like OTPs.

      You can read the following article for further information on this.
      https://jumpcloud.com/blog/multi-factor-authentication-pros-cons

      Delete
  2. Osura WeerasingheNovember 28, 2020 at 5:01 AM

    Informative post!!! Organization would really like to implement Adaptive / Risk based authentication to protect logins from remote users.

    ReplyDelete
  3. Dulanga KithminiNovember 29, 2020 at 3:36 AM

    Nice write up Dilesha. Can you explain how multi factor authentication can be used in cloud computing?

    ReplyDelete
    Replies
    1. Dilesha PereraNovember 30, 2020 at 9:34 PM

      Thank you Dulanga!
      Regarding the question you asked it is easy to authenticate cloud appliations using usernames and passwords but MFA can be implemented to improve security in cloud applications too.
      Popular cloud MFA practices use mobile based additional options for authentication together with username,passwords. Options like OTPs, finger scaning, mobile push notifications can be used to implement MFA in cloud applications. For example Azure MFA is a way of safeguarding data and applications in the Microsoft Azure cloud. They use several verification options like phone calls, text messages, or mobile app notifications.

      Following article can be refered to understand more on Azure MFA.
      https://blog.mycloudit.com/best-practices-for-azure-multi-factor-authentication-in-mycloudit-deployments

      Delete
  4. Santhoopa JayawardhanaDecember 5, 2020 at 10:27 PM

    A very informative article. It is fascinating to see how authentication has evolved to meet the requirements of the modern digital world.

    ReplyDelete
  5. Rajitha GamageDecember 10, 2020 at 9:45 PM

    very informative article Dilesha! you have well explained importunacy and how to achieve MFC under the article.

    ReplyDelete

Post a Comment

Popular posts from this blog

Best Practices for Network Monitoring

Image
What is network monitoring? Network monitoring is a proactive activity carried out by network administrators to ensure that the networks are working optimally by monitoring faults, performance and efficiency of networks. Network monitoring systems include hardware and software tools that are used to monitor aspects of networks like the bandwidth, traffic, uptime as well to check the performance of network devices like firewalls, switches and routers.  Network monitoring is important because it can proactively identify faults in networks and prevent network failures and downtimes. Benefits of network monitoring There are several key benefits of practicing network monitoring and following the best practices. Some of the main advantages of network monitoring are: Network administrators can have a clear picture of the networks and their performance Analysis of network components over time helps to identify the needs for upgrades and implementation of new infrasturcture  Organizations can u
Read more