Multi-Factor Authentication

Multi-Factor Authentication is a great way to secure the action of humans accessing resources. At a minimum, two-factor authentication should first authenticate something the human user knows and then authenticate something the human user has. The first factor is typically a password, PIN, or pattern. The second factor is typically a one-time code or message sent to an email, app, or phone you own or use.

Biometrics have come into the Multi-Factor Authentication realm mostly for convenience. A fingerprint instead of a password, or facial recognition instead of a PIN, should only be acceptable on phones and telephones. Biometrics is certainly less secure due to the false positive and impersonation factor, but highly sophisticated biometrics can be useful in many circumstances. One example is having a high-quality iris scanner on a door instead of a card reader. You can steal a key card, but you cannot steal someone's eye unless you're Rocket Raccoon aka international trash panda lol. I digress.

Don't get caught up in the cool nature of using your fingerprint or facial recognition on your cell phone. It may look fancy and be highly accurate, but the fact remains that both can be extracted, replicated, and impersonated. You just need a high level of extraction, then a high level of replication, and then the impersonation attempt. But someone's eyeball that is scanned within 100 millimeters of said eye cannot be extracted without literal extraction. Fingerprints and faces, however, can be extracted via high-definition photography and then grafted onto 3D-printed silicone or other flesh-like material. It is a similar concept to your twin, or someone who looks just like you, managing to open your device with their face. Fingerprints can be hacked physically and digitally, but admittedly this is hard to accomplish without physical access to the human or their fingerprint data.

All in all, we all want convenience as humans, but we must remain vigilant against those that would do us harm. Be smart when it comes to MFA and know you can't just have two different passwords for sign-in and call that Multi-Factor Authentication. Let's be real, folks: security is at the forefront of every organization protecting their bottom line. This means adhering to MFA enrollment processes and best practices is gonna come in real handy down the road with several compliance metrics. Try to make MFA as convenient as possible for your end users. Something you know should be something they commonly know, like their system/email password. Something you have should be either a computer/machine cert on their computer or a secure authenticator app such as Microsoft's or Google's. Make it harder to be penetrated and you protect your employees, data, and infrastructure from bad actors and hackers.

My final point on Multi-Factor Authentication is this: you don't have to be super fancy with MFA, but you do have to be secure, vigilant, and thorough with your process and implementation of your solutions. Do not cut corners when it comes to authenticating end users in a secure manner.
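
The "something you know plus something you have" check described above, as an added example that is not part of the original article: it rejects two passwords as MFA, verifies a password together with an authenticator-app code, and refuses a replayed code. Assumptions: the app generates RFC 6238 TOTP codes, passwords are stored as PBKDF2 hashes, and the CATEGORY table, function names and sample account are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Factor categories as the article groups them (biometric added as "are").
CATEGORY = {"password": "know", "pin": "know", "pattern": "know",
            "totp_app": "have", "machine_cert": "have", "fingerprint": "are"}

def is_multi_factor(methods):
    """True only if the methods span at least two different categories."""
    return len({CATEGORY[m] for m in methods}) >= 2

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def totp(secret, at, step=30, digits=6):
    """RFC 6238 code (HMAC-SHA1) for Unix time `at`."""
    mac = hmac.new(secret, struct.pack(">Q", at // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify_login(user, password, code, now, step=30):
    """Require both factors; accept each time step at most once."""
    knows = hmac.compare_digest(hash_password(password, user["salt"]),
                                user["pw_hash"])
    matched = None
    for drift in (-1, 0, 1):  # tolerate one step of clock skew
        counter = now // step + drift
        if counter > user["last_counter"] and hmac.compare_digest(
                totp(user["totp_secret"], counter * step, step), code):
            matched = counter
    if knows and matched is not None:
        user["last_counter"] = matched  # burn the code so it cannot be replayed
        return True
    return False

# Constructed sample account; the secret is the RFC 6238 test key.
SALT = b"constructed-salt"
USER = {"salt": SALT, "pw_hash": hash_password("correct horse", SALT),
        "totp_secret": b"12345678901234567890", "last_counter": -1}
```
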
