Multifactor authentication (MFA) is a security system that requires more than one method of authentication from independent categories of credentials to verify the user’s identity for a login or other transaction.
Multifactor authentication combines two or more independent credentials: what the user knows (password), what the user has (security token) and what the user is (biometric verification). The goal of MFA is to create a layered defense and make it more difficult for an unauthorized person to access a target such as a physical location, computing device, network or database. If one factor is compromised or broken, the attacker still has at least one more barrier to breach before successfully breaking into the target.
Typical MFA scenarios include:
- Swiping a card and entering a PIN.
- Logging into a website and being requested to enter an additional one-time password (OTP) that the website’s authentication server sends to the requester’s phone or email address.
- Downloading a VPN client with a valid digital certificate and logging into the VPN before being granted access to a network.
- Swiping a card, scanning a fingerprint and answering a security question.
- Plugging a USB hardware token that generates a one-time passcode into a desktop and using that passcode to log into a VPN client.
Multifactor authentication technologies:
- Security tokens: Small hardware devices that the owner carries to authorize access to a network service. The device may be in the form of a smart card or may be embedded in an easily carried object such as a key fob or USB drive. Hardware tokens provide the possession factor for multifactor authentication. Software-based tokens are becoming more common than hardware devices.
- Soft tokens: Software-based security token applications that generate a single-use login PIN. Soft tokens are often used for multifactor mobile authentication, in which the device itself – such as a smartphone – provides the possession factor.
- Mobile authentication: Variations include SMS messages and phone calls sent to the user as an out-of-band method, smartphone OTP apps, and SIM cards and smart cards with stored authentication data.
- Biometric authentication: Methods such as retina scans, iris scans, fingerprint scans, finger vein scans, facial recognition, voice recognition, hand geometry and even earlobe geometry.
- Location: GPS-equipped smartphones can also provide the user's location as an authentication factor using their on-board hardware.
- Employee ID and customer cards: Including magnetic stripe cards and smart cards.
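The soft-token and OTP entries above describe a possession factor without showing how the one-time code is derived or how the server should check it. The following Python example is added here and is not code from the original E-SPIN page: it implements the time-based OTP (TOTP, RFC 6238, built on HOTP, RFC 4226) that most authenticator apps use, together with the server-side checks a practitioner would want, namely a small clock-drift window, a constant-time comparison, and a per-user "last accepted step" so that a code captured in transit cannot be reused inside that window. The secret and expected codes are the published RFC 6238 test vectors; the user names and timestamps are constructed, and `TotpVerifier` is an illustrative class name, not a library API.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time
from typing import Optional

# Reference secret from the RFC 6238 test vectors (ASCII "12345678901234567890").
# Used only so the outputs can be checked against published values, never in production.
RFC6238_TEST_SECRET = b"12345678901234567890"


def new_secret(length: int = 20) -> str:
    """Enrolment step: generate a random shared secret and encode it as base32,
    the format authenticator apps accept (e.g. inside an otpauth:// URI)."""
    return base64.b32encode(secrets.token_bytes(length)).decode("ascii")


def decode_secret(b32: str) -> bytes:
    """Reverse of new_secret(); tolerant of lower case, spaces and missing '=' padding."""
    b32 = b32.strip().replace(" ", "").upper()
    b32 += "=" * (-len(b32) % 8)
    return base64.b32decode(b32)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter,
    dynamic truncation, then reduce to the requested number of digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP with the counter replaced by the time-step index.
    This is what the soft token (the phone app) computes and displays."""
    return hotp(secret, at // step, digits)


class TotpVerifier:
    """Server-side check of the possession factor (illustrative, not a library API).

    - window: how many 30-second steps of clock drift to tolerate on either side
    - hmac.compare_digest: constant-time comparison, so timing leaks nothing
    - per-user high-water mark: an accepted step (and anything older) is never
      accepted again, which defeats replay of a captured OTP within the window
    """

    def __init__(self, step: int = 30, digits: int = 6, window: int = 1):
        self.step, self.digits, self.window = step, digits, window
        self._last_step = {}  # user -> highest time-step index already consumed

    def check(self, user: str, secret: bytes, code: str, at: Optional[int] = None) -> bool:
        if at is None:
            at = int(time.time())
        if not (code.isdigit() and len(code) == self.digits):
            return False  # reject malformed input before doing any crypto
        current = at // self.step
        for delta in range(-self.window, self.window + 1):
            candidate = current + delta
            if candidate <= self._last_step.get(user, -1):
                continue  # already consumed, or older than a consumed step
            if hmac.compare_digest(hotp(secret, candidate, self.digits), code):
                self._last_step[user] = candidate
                return True
        return False


if __name__ == "__main__":
    # Constructed demonstration: enrol a user, have the "phone" compute a code,
    # then let the server accept it once and refuse the replay.
    enrolled = new_secret()
    key = decode_secret(enrolled)
    now = int(time.time())
    shown_on_phone = totp(key, now)
    server = TotpVerifier()
    print("first use accepted:", server.check("alice", key, shown_on_phone, now))
    print("replay accepted:   ", server.check("alice", key, shown_on_phone, now))
```

The drift window is deliberately small (one step either side); widening it makes the factor more forgiving of bad phone clocks but also lengthens the time a captured code stays valid, and the replay guard only helps if the server persists the high-water mark across restarts and nodes.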
Feel free to contact E-SPIN for multifactor authentication infrastructure and application security, infrastructure availability and performance monitoring solutions.