Multifactor Authentication

Multifactor authentication (MFA): A system where users are authenticated by presenting multiple pieces of information or objects

The many factors that comprise ​a multi-factor authentication system ​can be categorized into three types;

  • ​something you know​
  • something you have
  • something you are ​ Ideally, a multi-factor system ​will incorporate at least two of these factors.

By using a password in conjunction with ​a security token is a game changer. ​Even if the password is compromised by a phishing attack, ​the attacker would also need to steal or clone ​the physical token to be able to access the account.

Physical tokens can take a few different forms. ​Common ones include a USB device ​with a secret token on it, ​a standalone device which generates a token, ​or even a simple key used with a traditional lock.

 RSA SecureID token. ​It’s a small battery-powered device with ​an LCD display that shows ​a onetime password that’s rotated periodically.  - requires the time between ​the authenticator token and ​the authentication server to be relatively synchronized There are also counter-based tokens ​which use a secret seed value along with ​this secret counter value that’s incremented every ​time a onetime password is generated on the device. ​The value is then incremented on ​the server upon successful authentication. ​This is more secure than ​a time-based tokens for two reasons:

  1. First, the attacker will need to ​recover the seed value and the counter value. ​
  2. Second, the counter value is ​also incrementing when it’s being used.

Biometric authentication: Authentication that uses Biometric data 

  • fingerprint scanner, facial recognition, iris scans, Windows Hello
  •  ​One advantage of biometric authentication over knowledge or token based systems, ​is that it’s more reliable to identifying individual for ​authentication since biometric features aren’t usually shareable

 ​An evolution of physical tokens, is the U2F or universal second factor, ​it’s a standard developed jointly by Google, Yubico, and NXP Semiconductors.

Security keys are essentially small embedded crypto processors that have ​secure storage of asymmetric keys, and additional slots to run embedded code.