How Does Multi-Factor Authentication Work?
Multi-factor authentication combines two or more of the following credential types to identify a user:
Strong Authentication is critical to trust.
Enhanced credentials assure you are who you say you are.
Something a user knows
Examples: user name, password, challenge questions
Something a user has
Examples: hardware token, smartcard, device
Something a user is
Examples: biometrics including fingerprint and retinal scan
(Note: two components from the same credential type, such as a password and challenge questions (both something a user knows), do not provide more than one factor and therefore are not two-factor or multi-factor authentication.)
Security Threat Landscape – Multi-Factor Authentication
Access to corporate applications and data is no longer confined to stationary workstations in offices and cubicles. The wide-scale adoption of cloud and mobile has enabled a remote workforce to be more efficient and effective than ever, but it has also created new security challenges. This additional freedom and flexibility caused a major increase in data breaches over the last several years, and resulted in a 2x uptick in stolen identities during 2016.
The mobile workforce of today wants access to corporate resources at any time, from anywhere. Security teams are tasked with securing that remote access without complicating the end-user experience. With resources being accessed from a mix of corporate and non-corporate owned devices, user names and passwords can be the only security between your corporate data and a hacker or potential breach.
We all know passwords are inherently weak, so login policies typically enforce password expiration and complexity requirements to add security. Some experts are pushing back on resets and password complexity, in part because users tend to create weaker and weaker passwords over time. Users are also more likely to keep a written list of current passwords for convenience. Not all login policies require password resets on the same date, so typical users struggle to remember which password is current for each login. Adding user-friendly strong authentication will ensure that only the correct user gains access. Valid login credentials alone are not enough to log in, rendering login information useless to hackers.