| |August 20199password" has become somewhat ancient. Gone are the days when you would rely on a password with a combination of alphabets, num-bers, and symbols. The major issue arises when a password is hacked, and that the computer doesn't rec-ognize/bother whether the user entering the password is genuine or not -- it simply grants access to anyone. Hence, in order to make the security stronger, authenti-cation processes have emerged over time mainly consisting of - Two-Factor and Multi-Factor Authentication (MFA).Authentication is the process of verifying the user's identity and entity. Multi-factor authenti-cation provides an additional lay-er of security when logging in or performing transactions online, which requires more than one mode of authentication to verify the credentials of the user(s). Thus, creating an extra layered defense against the unauthorized person to access information and prevents online frauds.Why Multi-Factor AuthenticationMulti-factor authentication (MFA) or Two-factor authentication is a security process in which the user provides different authentica-tion factors to verify themselves to better protect both the user's credentials and the resources the Users have access to. Most attacks originate from remote Internet connections, therefore Multi-fac-tor authentication makes these at-tacks less threatening. Obtaining passwords are not sufficient for access, and it is unlikely an attack-er would also, be able to obtain the second authentication factor as-sociated with a user account. Most people seem to agree that it's in-credibly secure and no one really challenges that.Just to understand the nit-ty-gritty of Multi-factor authenti-cation, its potential security risks with SMS and how one can protect themselves from being hacked.The three most commonly used authentication factors are:· Knowledge factor: Something only the user has information of, such as a username and password, a PIN or security questions· Possession factor: Something the user has, for e.g. smartphone, one-time passcode or a smart card· Inherence or biometric factor: Biometrics, such as a fingerprint lock, iris scans or voice recognition which proves the user's identity. What is Multi-Factor Authentication?Typically, when you log into a web-site, you're only required to enter your username and password to successfully gain access. Generally, this is secure if a person is using strong login credentials, where there are potential risks.For example, if your login cre-dentials are compromised due to an attack such as phishing or other successful hacking attempts, your password could be traced by a hack-er and could lead to gaining access to the website.According to a report by Verizon Data Breach Investigations, com-promised passwords cause 81 per-cent of data breaches. If you don't use a strong password, a hacker could guess your password to gain entry. This is known as a brute force attack.Multi-factor authentication is an extra level of security; it adds an extra step to the login process. In-stead of only having to enter your username and password to log into a website, with two-factor authen-tication enabled, you also need to confirm your identity in one additional step.There are multiple ways to con-firm your identity with two-factor authentication:· An app on your mobile device· SMS or Call using your cell phone· A security token (a long string of randomized letters and num-bers) that one can copy physically in advance· An encrypted USB drive· Key fob· A physical card that's read by a card readerWith the explosion of SaaS-based services and the number of reused passwords, multifactor au-thentication methods have become more important, and they now ap-peal to businesses as well. Another of the multifactor authentication benefits are, that the likes of Face-book, LinkedIn, Twitter, Google, Apple and numerous other vendors have adopted these tools to secure their own applications.Overall, there's no 100 percent guaranteed way to protect data, but multi-factor authentication bol-sters defence significantly and are worth the hassle, especially as the number of password exploits con-tinue to rise. Businesses need bet-ter ways to protect user login infor-mation beyond the simple username and password combina-tion and take major steps to pre-vent any data exploitation and phishing attacks. C IPramod Sharda
< Page 8 | Page 10 >