Using Two-Factor Authentication (2FA) as an access procedure creates a double barrier to entry for system protection and security, making it that much more cumbersome for cybercriminals to breach the system. Providing Multi-Factor Authentication (MFA) is an even better solution that adds more layers of protection.
How 2FA Works
Most Two-Factor Authentication systems require the user to log in with a password and then employ a passcode generator to send a randomly generated code to the user which, once entered and validated, grants access. Because the passcodes are randomly generated, they are safer to use than a code that is used repeatedly. Passcode generators can limit the number of times the user can enter an incorrect code before being locked out and can also impose a deadline on the amount of time the user has to enter the sent code, thus acting as an effective deterrent to attempts to hack into the system. Another good feature of passcode generators is that the codes can be transmitted to a smartphone or other device for easy retrieval and use.
Two-Factor Authentication Methods
Hardware Tokens. Hardware tokens are physical devices such as key fobs that generate random numeric codes every 30 seconds or USB devices that autogenerate and transfer an authentication code when inserted into a computer device.
Security Questions. The system presents a series of questions from which you select several, usually three, to answer. Your answers are stored within the system. These are generally case-sensitive, so when prompted, you must enter your answers exactly as originally submitted.
Time-Based One-Time Passwords. This method uses an authenticator app which scans the secret key contained within a QR code and generates a temporary password that changes regularly.
Push Notifications. The system sends you a notice that your password has been entered and gives you the opportunity to approve or decline this action, saving you from having to enter further security information.
SMS Verification. A passcode generator sends you a text message with the passcode to enter, usually a sequence of numbers or a combination of numbers, mixed case letters, and symbols.
Biometric/Voice-based. More difficult to hack, biometric and voice-based authentication require physical human interaction to connect with the system, such as a certain statement made in your own voice, a finger or palm print on a reader, or use of eye or facial recognition.
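The time-based one-time password method above, combined with the attempt limit and entry deadline described under How 2FA Works, can be sketched as a server-side check. This is an added example, not code from the original page: it assumes the authenticator app follows RFC 6238 (HMAC-SHA1, 6 digits), and the names TotpVerifier, MAX_FAILURES and drift_steps are hypothetical.

```python
import base64, hashlib, hmac, struct

STEP = 30          # seconds per code, matching the 30-second tokens described above
DIGITS = 6         # assumed code length
MAX_FAILURES = 3   # assumed lockout threshold for this example

def totp(secret_b32: str, now: float, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): the code for the time step containing `now`."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", int(now // step))
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class TotpVerifier:
    """Server-side check: validity window, replay rejection and lockout."""
    def __init__(self, secret_b32: str, drift_steps: int = 1):
        self.secret = secret_b32
        self.drift = drift_steps      # adjacent steps accepted to absorb clock skew
        self.failures = 0
        self.last_used_step = -1      # newest time step already accepted

    def verify(self, code: str, now: float) -> str:
        if self.failures >= MAX_FAILURES:
            return "locked"           # stays locked until reset out of band
        current = int(now // STEP)
        for step in range(current - self.drift, current + self.drift + 1):
            expected = totp(self.secret, step * STEP)
            # Constant-time comparison; a step already accepted is not reusable.
            same = hmac.compare_digest(expected.encode(), code.encode())
            if same and step > self.last_used_step:
                self.last_used_step = step
                self.failures = 0
                return "ok"
        self.failures += 1
        return "locked" if self.failures >= MAX_FAILURES else "rejected"

# Constructed sample secret: the RFC 6238 test key, base32-encoded.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    v = TotpVerifier(SAMPLE_SECRET)
    print(v.verify(totp(SAMPLE_SECRET, 59), 59))   # accepted once
    print(v.verify(totp(SAMPLE_SECRET, 59), 59))   # same code replayed
```

The entry deadline falls out of the time step: a code is only accepted while its step is inside the drift window, and a code that was already accepted is refused if it is presented again.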
Some Disadvantages of 2FA
No 2FA method is completely foolproof – each has some breach vulnerability. For example, talented hackers may be able to locate answers to your security questions by searching other resources. Some disreputable services may sell to third parties the mobile phone number you provide for receiving access codes. Additionally, text messaging, push notifications, and most email applications are generally not secure systems; even text messages can be hacked, and you may not be able to receive your authentication code if you’re in an area where there is no Wi-Fi service.
Regarding biometrics, once a biometric identifier has been compromised, it can never be used again and, in addition, the technology required for implementation of a biometric ID system is likely to be too costly or complex to use for general services and apps.
With these caveats in mind, however, most systems can establish a reasonably secure operating environment by combining two of these authentication methods.
Multi-Factor Authentication
Multi-Factor Authentication (MFA) uses two or more steps to verify identity and is one of the key factors that sets Gold Comet solutions apart from other products and services. Gold Comet’s Secure Messaging, Secure File Storage, and Secure File Sharing all use MFA for system access. The system requires input of a User ID, Password, and Passphrase to gain access to data stored within the Gold Comet Secure Cloud. Along with Object-Level Encryption – which means every single message, attachment, and stored or shared file is individually encrypted – Gold Comet provides the ultimate level of access authentication for your online communications.