What Is Multi-Factor Authentication?
Multi-factor authentication (MFA) is a form of access control that adds a security measure on top of a user login. It requires a user to present two or more verification factors before gaining access to an application or network. Usually, it involves something you are, something you know, and something you have.
For example, you would have to enter a password and then approve a verification request on your mobile phone. Or you might complete both of those steps and then enter a unique code. MFA helps confirm that the user is who their initial credentials claim they are. Credential theft is a major attack vector, and MFA is a crucial layer of protection against that tactic.
Multi-factor Authentication (MFA) v. Two-factor Authentication (2FA)
While 2FA means a user must present two kinds of credentials, MFA requires at least two, if not more. Even though most common MFA applications could fall into the category of 2FA, 2FA is rarely used as a term anymore, and MFA has taken over as the common term for this kind of access control.
Why? Because all 2FA is MFA, but not all MFA is 2FA.
MFA v. SSO
While single sign-on (SSO) is another form of access control focused on user logins, it operates in the realm of convenience, not just security. With SSO, a user can access multiple applications with a single set of credentials. SSO is also centralised, so it can operate as a form of access monitoring, allowing IT teams to better see user activity.
Multi-factor authentication can be, and should be, used in tandem with SSO to prevent a breach originating from that single set of credentials.
Example of MFA
A common example of MFA is the application Okta. With Okta, a user has to log in through Okta on a computer or device, and then verify their identity on a secondary device through Okta. Any access control where the user has to verify the credentials they just put in, be it with a passcode or even a fingerprint, falls under the umbrella of MFA.
Arctic Wolf integrates with Okta, allowing for alerts on suspicious activity or user changes, event correlation with other source logs, and identification of attackers trying to bypass MFA.
MFA and Zero Trust
MFA is one of the key components of a Zero Trust strategy. It adds a layer of protection to access, which is one of the main parts of access and identity security. In a Zero Trust framework, neither a user nor their access is granted automatically; it must first be confirmed. That condition is easily achieved through MFA.
While it’s recommended that MFA be implemented across a network, it isn’t a foolproof method to stop threat actors from gaining access through credentials. There are two things to note when it comes to MFA:
- Implementing MFA is critical to access security. Too many organisations neglect MFA, especially when it comes to access to critical assets or networks. Only 26% of companies use multi-factor authentication. That’s far too few.
- MFA is vulnerable to attack and can be exploited during a social engineering attack. MFA fatigue, also known as prompt- or push-bombing, is emerging as a kind of social engineering attack where a hacker who’s gained credentials requests MFA verification over and over, causing the user to approve it out of annoyance. In addition, hackers are known to pose as internal IT employees and request MFA verification.
MFA alone is not a solid access strategy, but it’s one major piece of the security puzzle, especially in terms of access and management security.
MFA and Arctic Wolf
- Managed Detection and Response: MDR detects unusual login activity. So, if there are many MFA requests at once, say at 2 a.m., it will be detected, and the organisation will be alerted. The same is true for odd geographic logins, like a login from a different country.
- Managed Risk: MFA is one of the strategic implementations the Concierge Security® Team (CST) will suggest to an organisation if they do not already employ it.
- Managed Security Awareness: MFA fatigue and MFA attacks are part of the MSA curriculum. The importance of MFA is also discussed in MSA videos.
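The repeated-prompt pattern described under MFA fatigue, and the burst of MFA requests mentioned in the Managed Detection and Response item, can be caught with a per-user sliding-window check. This is an added example, not Arctic Wolf's or Okta's code; the log format, the function name `detect_push_bombing`, the window, threshold and working hours, and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample data, not real logs. Assumed format, one MFA push per line:
# <ISO timestamp in the user's local time> <user> <outcome: denied|timeout|approved>
SAMPLE_LOG = """\
2024-03-05T02:01:10 alice denied
2024-03-05T02:01:55 alice timeout
2024-03-05T02:02:30 alice denied
2024-03-05T02:03:05 alice timeout
2024-03-05T02:03:50 alice approved
2024-03-05T09:00:12 bob approved
2024-03-05T09:15:00 carol timeout
2024-03-05T09:15:40 carol approved
2024-03-05T13:30:00 bob denied
2024-03-05T17:45:31 bob approved
"""

def detect_push_bombing(log_text, window=timedelta(minutes=10), threshold=3,
                        work_hours=range(7, 20)):
    """Return (user, kind, time, prompt_count, off_hours) alerts.

    window, threshold and work_hours are illustrative values to tune locally.
    """
    events = []
    for line in log_text.splitlines():
        if line.strip():
            ts, user, outcome = line.split()
            events.append((datetime.fromisoformat(ts), user, outcome))
    events.sort()  # the sliding window needs chronological order

    unapproved = defaultdict(deque)  # user -> times of recent denied/timed-out pushes
    alerts = []
    for ts, user, outcome in events:
        recent = unapproved[user]
        while recent and ts - recent[0] > window:
            recent.popleft()  # drop prompts that fell out of the window
        off_hours = ts.hour not in work_hours
        if outcome == "approved":
            # An approval right after a burst is the case to escalate: the
            # user may have given in to the repeated prompts.
            if len(recent) >= threshold:
                alerts.append((user, "approved_after_burst", ts.isoformat(), len(recent), off_hours))
            recent.clear()
        else:
            recent.append(ts)
            if len(recent) == threshold:  # alert once as the burst crosses the threshold
                alerts.append((user, "burst", ts.isoformat(), len(recent), off_hours))
    return alerts
```

On the sample data only the 2 a.m. burst against `alice` raises alerts; a single missed prompt followed by an approval, as for `carol`, does not.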