MFA? Master of Fine Arts…
Unfortunately, there is nothing artistic about MFA, besides the histrionics caused by not using it to protect one’s identity online. I have started writing a series of blog posts about The Cloud, but before we get too deep into dreaming of what new products or services we are going to build, we should go over a core security measure that punches above its weight: its effectiveness far outstrips the inconvenience it adds.
Security must always be viewed through the lens of how difficult it is for you or your users to gain access to data or systems. Security measures that force your users to “Stand by the grey stone when the thrush knocks. And the setting sun with the last light of Durin’s Day will shine upon the key-hole” are dangerous. This results in passwords being stored on sticky notes, or even worse, as a plain text file on computers.
What’s most concerning is that the bulk of cloud systems allow you to use an email account, or an Office 365, Google, or Facebook account, as their core credential. With that in mind, if any of these services is compromised, the compromise can expand to every associated account and service.
For example, imagine the Gmail account that you use for all your shopping gets compromised. The individual with your credentials can reset all of your accounts, including banking, because they have access to the master email account that receives the password resets. Your email address just became a skeleton key to your entire online life; the situation has spiraled out of control and your finances and reputation have been compromised. The losses in time to remediate the breach and the actual financial loss in dollars are extremely high – MFA tuition high.
Multi-Factor Authentication means that more than one component makes up the authentication process. The classic explanation of MFA is the ATM. Two elements make up the system that authenticates who you are and whether you are allowed access. The first factor is the ATM card containing your identity and account information (something you have). The second factor is your PIN (something you know). The combination of the two factors forms a powerful system to prevent ATM-derived theft: stealing either one alone is not enough.
Now that we have a model of how an MFA system operates, we can focus on some of the currently deployed technology for online systems. Many contemporary MFA systems employ mobile devices as the platform for the MFA mechanism.
Common MFA mechanisms are:
- SMS Messages
- Push Authentication
- Time Based Authentication
Any one of the three varieties functions well, and the choice is a matter of personal preference or corporate policy. I prefer Time Based Authentication, as it allows a deeper level of control and lets you aggregate a number of MFA-aware applications under one authenticator.
No matter which method you choose, it will greatly increase the security of your identity, and thus your data. As more and more systems get interconnected, everyone must take an active role in security.
Please join me in my next post, where I will go through how to configure MFA for Office 365.