ITSecure Advisory - Multi-Factor Authentication (MFA)


 

Wouldn't it be nice if your accounts could let you know when someone new is trying to get into them? Even better, wouldn't it be terrific to make a stolen password useless to others? Read on to learn more about multi-factor authentication. 

What is Multi-Factor Authentication (MFA)?

The process of authentication, or verifying who you are, is key to protecting sensitive information and institutional resources. In general, there are three different ways to prove who you are: what you know (knowledge, such as a password); what you have (physical possession, such as your driver’s license); and what you are (biometrics, such as your fingerprint).

Unfortunately, the most common method of using usernames and passwords (i.e. something you know) is no longer sufficient to protect accounts with sensitive information. Multi-Factor Authentication requires the use of two or more of the above verification methods. When only two methods are used, this approach is often called Two-Factor Authentication (2FA) or two-step verification. For our purposes, these terms can be used interchangeably.

A classic example of MFA is a traditional ATM card. In order to withdraw money, a person must have possession of the ATM card as well as knowledge of the secret PIN. If either one is missing, a customer would not be able to withdraw money.

What does MFA or 2FA look like? 

Let’s take a closer look at the additional step(s) in an MFA or 2FA experience. These steps are seamlessly integrated into the login experience, and provide a balance of security, ease of access and convenience.

 

The technology landscape is constantly changing with better ways of achieving MFA. Some of these include:

  • Using a physical key or security token (e.g. Yubikey)
  • Receiving a push notification on a registered device
  • Generating one-time passcodes (e.g. Google Authenticator or Authy)
  • Biometrics paired with a registered device 
  • SMS text message*

 

* This method is considerably less secure. When possible, opt for one of the other methods. 

When to use, and how to set up MFA? 

MFA can provide an additional layer of security, especially for websites and services containing sensitive information. Where supported, enabling MFA is a critical and proactive step one can take to ensure unauthorized people do not access the account. To check whether an online service supports 2FA, and to find the steps necessary to enable it, see Two Factor Auth (2FA).

To enable Two Factor Authentication on your Google account, follow the steps in this Google Help article.

 

Was this information useful? We're always adapting and changing, just like hackers. Please feel free to send us feedback. We'd love to hear from you and make Colgate more secure.