Multifactor Authentication
Multifactor authentication (MFA): A system where users are authenticated by presenting multiple pieces of information or objects
The many factors that comprise a multi-factor authentication system can be categorized into three types;
- something you know
- something you have
- something you are Ideally, a multi-factor system will incorporate at least two of these factors.
By using a password in conjunction with a security token is a game changer. Even if the password is compromised by a phishing attack, the attacker would also need to steal or clone the physical token to be able to access the account.
Physical tokens can take a few different forms. Common ones include a USB device with a secret token on it, a standalone device which generates a token, or even a simple key used with a traditional lock.
RSA SecureID token. It’s a small battery-powered device with an LCD display that shows a onetime password that’s rotated periodically. - requires the time between the authenticator token and the authentication server to be relatively synchronized There are also counter-based tokens which use a secret seed value along with this secret counter value that’s incremented every time a onetime password is generated on the device. The value is then incremented on the server upon successful authentication. This is more secure than a time-based tokens for two reasons:
- First, the attacker will need to recover the seed value and the counter value.
- Second, the counter value is also incrementing when it’s being used.
Biometric authentication: Authentication that uses Biometric data
- fingerprint scanner, facial recognition, iris scans, Windows Hello
- One advantage of biometric authentication over knowledge or token based systems, is that it’s more reliable to identifying individual for authentication since biometric features aren’t usually shareable
An evolution of physical tokens, is the U2F or universal second factor, it’s a standard developed jointly by Google, Yubico, and NXP Semiconductors.
Security keys are essentially small embedded crypto processors that have secure storage of asymmetric keys, and additional slots to run embedded code.