What Is Multi-Factor Authentication, and Why Is It Important?
What Is Multi-Factor Authentication?
Multi-factor authentication (or MFA) is the easiest and most popular way to secure enterprise users and access to their data. MFA requires users to verify their identity using two or more independent methods of authentication. Users need to authenticate using factors from at least two categories: something the user knows, something the user has, and something the user is.
Examples of Something the User Knows
Knowledge factors are the most common – and most vulnerable – type of authentication factor. They are less secure because the information is easier to share or steal. Authentication examples of something the user knows include:
- PINs (or personal identification numbers)
- Answers to supposedly secret questions (such as “Where were you born?” or “The name of your first grade teacher.”)
Examples of Something the User Has
Possession factors – something the user has – have been the foundation of security for centuries. The most basic version is a key, which opens a lock. Possession factors are more complex now, but the premise is the same. Authentication examples of possession factors include:
- Google Authenticator (an app on your phone)
- SMS text message with a code
- Soft token (also called software token)
- Hard token (also called hardware token)
- Security badge
Examples of Something the User Is
Biometric verification (or something the user is) identifies a person using their unique biological traits. Examples of biometric verification include:
- Retina and iris patterns
How Does Multi-Factor Authentication Work?
The goal of MFA is to provide a multi-layered defense system. This helps ensure that the users who access your system are who they say they are. Even if one factor is compromised, there are still more barriers to breach. For example, if someone’s computer password is stolen, the thief would still need more than just that information to break into the account.
81 percent of data breaches involve weak or stolen credentials. MFA can prevent that. (Data from the 2017 Verizon Data Breach Investigations Report.)
With MFA, users need to have the correct combination of multiple authentication factors. For example, to log in to a secure program, a user might need to type a password (something the user knows) and enter a number from a hard token (something the user has). Only the correct password combined with the correct number from the correct hard token would give a user access.
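The password-plus-token check described above, as an added example that is not part of the original article. It assumes the hard token produces time-based one-time codes (RFC 6238 TOTP over RFC 4226 HOTP) and that passwords are stored as PBKDF2 hashes; the USER record and all function names are hypothetical.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 one-time code: HMAC-SHA1 of the counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

# Constructed sample account; the token secret is the RFC 6238 test key.
USER = {
    "salt": b"constructed-salt",
    "pw_hash": hash_password("correct horse", b"constructed-salt"),
    "token_secret": b"12345678901234567890",
    "last_counter": -1,  # highest time step already used, to block replay
}

def check_password(user: dict, password: str) -> bool:
    """Something the user knows: constant-time comparison of the hashes."""
    candidate = hash_password(password, user["salt"])
    return hmac.compare_digest(candidate, user["pw_hash"])

def match_token(user: dict, code: str, now: float, step: int = 30, window: int = 1):
    """Something the user has: return the matching time step, or None."""
    current = int(now) // step
    for counter in range(current - window, current + window + 1):
        if counter <= user["last_counter"]:
            continue  # negative or already-used step: never accept it
        expected = hotp(user["token_secret"], counter)
        if hmac.compare_digest(expected.encode(), code.encode()):
            return counter
    return None

def login(user: dict, password: str, code: str, now: float) -> bool:
    """Grant access only when both factors verify."""
    knows = check_password(user, password)  # evaluate both factors so the
    counter = match_token(user, code, now)  # reply never says which one failed
    if not (knows and counter is not None):
        return False
    user["last_counter"] = counter  # burn the code so it cannot be replayed
    return True
```

The `window` parameter tolerates one 30-second step of clock drift between token and server, and `last_counter` makes each accepted code single-use.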
Multi-Factor Authentication Improves Security
Large companies use multi-factor authentication to limit access to mission-critical systems. Health care systems use MFA to ensure protected health information (or PHI) stays secure. And many smaller businesses use MFA for email because it helps keep phishers out.
Version control systems often store some of the most valuable assets companies possess – their intellectual property. However, most version control systems don’t provide full 360-degree support for MFA. For example, some version control tools have two-factor authentication (or 2FA) in their web interfaces, but not on the command line. This setup leaves your IP exposed.
When MFA isn’t used, any malicious person can pull down an entire repo from the command line. The only thing they would need is a username and password.
Worried About Keeping Your Source Code and Digital Assets Safe?
Incredibly, 42 percent of companies have experienced ransomware attacks. Exfiltration by disgruntled employees is a real issue. And careless or distracted employees can fall victim to phishing scams, exposing your assets to the world.
Mission-critical applications are protected with multi-factor authentication (or MFA). But what protects your IP – especially the code that’s stored in your version control system?