‘Please enter the OTP we’ve sent to your phone.’
‘Where were you born?’
‘We need to access your location.’
We’re assuming you’ve come across some of these requests when entering an account and perhaps greeted them with an eye roll. After all, how hard does it have to be to gain access to your own data?!
Frustrating though they may be, there’s a good reason these things exist.
All of the above requests are examples of evidence or factors used as part of a process called multi-factor authentication or two-factor authentication. Only once all these factors are satisfied are you allowed access to the asset you’re trying to get into.
Multi-factor authentication is an increasingly popular and necessary way of securing your data, info and accounts. By adding extra layers to your security, you are making it harder for hackers to get in.
Someone trying to access your accounts could feasibly get hold of your password or passwords. But it’s highly unlikely that they would be able to get hold of your thumbprint… You’d hope.
Many companies and indeed mobile devices give you the option to choose how you want to secure your assets. Depending on what factors you choose to implement, different forms of authentication are used in conjunction with one another to ensure only you can get in.
These factors can usually be split into four different categories. We look at the pros and cons of each below.
Knowledge Factors
The most common form of authentication.
Passwords are everywhere and are used in just about everything whether you’re buying pyjamas or accessing a government database. As you do. They aren’t the only factor that requires prior knowledge however.
You will often see follow up security questions which request a fact that supposedly only you would know. Other examples of knowledge factors in common use are the PIN you use to get into an ATM.
Ultimately knowledge factors aren’t that secure on their own which is why it’s becoming increasingly common to see them used as one part of multi-factor authentication.
Pros:
Cons:
Possession Factors
If you think about it, this is the oldest form of authentication. For thousands of years physical assets have been secured by lock and key. In order to get in, you need the key that fits the lock. Of course, they’re still used in most domestic properties. For now…
And possession factors are used in some areas of business. Certain assets can be accessed by providing a particular fob, key card or USB stick. It used to be quite common for companies to use these tokens to provide their employees with access to the network.
The user interface is simpler and allows for additional functionality but they’re a lot less popular now as these items can be corrupted or potentially used to carry harmful malware and data into the company.
A possession factor which is on the increase is the use of the mobile smartphone, primarily because most of us have got one. Using this as a method of access is fairly reliable as we’re much less likely to lose it and can download relevant and secure apps that relate directly to what we’re trying to access. The mobile is often used in conjunction with inherent factors…
Inherent Factors
Facial recognition, fingerprints and voice activation. These are all inherent factors because they are directly associated to the user.
Inherent factors are becoming increasingly popular as the technology to read them becomes more easily accessible and readily implemented into our devices. Many smartphones now have fingerprint sensors and in the case of the latest iPhone, facial recognition.
Voice-activated tools like Siri have also been present in our devices for some time although they’re not as often used for authentication. The rise of Amazon Alexa and other virtual assistants shows the clear implications of where voice activation could be taken.
As voice technology improves so will its prevalence in multi-factor authentication as it’s possibly one of the things we have the most control over and is most unique to us.
In the meantime, fingerprints are now a major part of multi-factor authentication. When accessing a bank account or other secure location, you will often be prompted to use your phone’s sensor in conjunction with a One Time Passcode (OTP) or password to gain access.
Location Based Factors
An increasingly popular method of authentication which uses your GPS location to establish whether it matches that of the asset. Hackers are capable of mimicking many types of factors in order to get to your data but your GPS location is pretty difficult to fake.
This is a particularly useful method for those using a private network in an office. Directors can rest assured that when used alongside another factor such as a password or PIN, access is only guaranteed to those within the office.
Better Together
Essentially all of these factors have limited usefulness on their own so using them as part of a multi-factor authentication process is the only way of guaranteeing complete security.
Some examples of where this is implemented in commonly used software is Microsoft Office 365, Google Chrome and password managers like LastPass and Dashlane. A lot of data is transferred through Office 365’s Business applications so it’s of utmost importance that it is protected.
Likewise, the Chrome web browser is often used as one unified suite of tools with a great deal of personal and company data transferred within. It will often require an encryption key and mobile phone authentication as well as your Google account passwords to get access.
At Reality Solutions, we thoroughly recommend these products and the use of multi-factor authentication across all your assets to ensure your business is fully secure.
To find out more about how you can secure your business assets and implement products like Office 365, make sure to get in touch.