Multifactor Authentication

The term multifactor authentication (MFA) has replaced two-factor authentication (2FA). The newer term implies the ability to have more than two authentication methods.
- So, you're locked out of multi-factor authentication. Now what?
- The evolution of multi-factor authentication.
The authentication device is preferably something that is always with you and is inaccessible to potential hackers.
[T]here are three generally recognized factors for authentication: something you know (such as a password), something you have (such as a hardware token or cell phone), and something you are (such as your fingerprint). Biometric scanners for fingerprints and retinas or faces are on the upswing thanks to innovations such as Apple's Face ID and Windows Hello.
But in most cases, the extra authentication is simply a numeric string, a few digits sent to your phone, as a code that can only be used once.
— PCMag
In most cases, once you've set up MFA, you cannot return to password-only authentication. Recovery methods vary by vendor.
Remember this as you panic over how hard this all sounds: Being secure isn't easy. The bad guys count on you being lax.
Implementing MFA will mean it takes a little longer to log in each time on a new device, but it's worth it in the long run to avoid serious theft, be it of your identity, data, or money.
— PCMag
- Multi-factor authentication: Who has it and how to set it up.
- How to set up two-factor authentication on your online accounts.
- The safer way to sign in to all of your online accounts.
- How do I manage my multifactor options in LastPass account settings?
- Two-factor authentication for Apple ID has replaced two-step verification.
- How to help keep your Microsoft Account safe and secure.
There are several multifactor options for devices to protect your password.
One of the earliest was confirmation via email, which is still the method used to verify questionable actions like a password change or access from an unknown location.
These MFA options are discussed in more detail:
Cell Phones
A cell phone is something that most people have and it is usually with them at all times.
Most commonly, SMS is used for verification, but the mobile number may also be a backup security method.
SIM Card Hijacking
Unfortunately, it appears that it isn't that hard to hijack your cellphone's SIM card.
They may only require the last 4 digits of the credit card that pays for your account to gain access to the very multifactor authentication that is supposed to protect you.
Hackers have discovered that one of the most central elements of online security — the mobile phone number — is also one of the easiest to steal.
— NY Times
If the Phone is Unavailable
Even in this age of ubiquitous cell phone ownership, some folks just don't have one or cannot afford the bandwidth.
The other problem is the loss of your phone or it becoming unavailable to you for other reasons such as being out of a coverage area or on holiday.
Authenticator Apps
Given the potential vulnerability of cell phones, a better solution might be authenticator apps.
Google provides Google Authenticator for both Android and iOS. The Microsoft Authenticator app can also be used with non-Microsoft accounts.
- Download and install the Authy Authenticator app.
- Download and install the Microsoft Authenticator app.
- How to use the Microsoft Authenticator app.
- Add non-Microsoft accounts to the Microsoft Authenticator app.
- Google Authenticator.
- The best authenticator apps — PCMag.
YubiKey Verification
This section explains the advantages of YubiKey, but there are other alternatives. Your choice should be made based upon what works best for you yet is secure enough for your circumstances.
About YubiKey
Yubico was founded to set new global authentication standards, enabling one single security key to access computers, phones, networks and online services—all in a simple touch. We named our invention the YubiKey — your ubiquitous key.
— YubiKey
The YubiKey is a hardware authentication device, designed to provide an easy-to-use and secure complement to the traditional user name and password.
Password Invalid Without Device
Like the cellphone, a USB device like this can be used as another level of security. Unless the person attempting to use the password has the device, the password will not be accepted.
A premium edition of your password manager software may be necessary when combined with a YubiKey.
How YubiKey Connects
YubiKey depends on a USB-A or USB-C port or an NFC connection, plus the software to make it work.
YubiKey can be used with USB-C adapters but not all adapters worked well, including the Apple USB-C Multi-adapter.
The YubiKey is not a biometric device. The fingertip is used to activate the device, not for authentication.
Mobile Devices
Since most mobile devices lack USB ports, YubiKey provides an NFC option.
YubiKey supports strong authentication for iOS and Android smartphones and tablets.
NFC usage on iPhones is only supported on the iPhone 7 and newer, running iOS 11.3.1 and newer.
Many environments restrict mobile device use altogether making most MFA methods unusable. See how you can ensure strong security with ease, all without a cellular connection.
— YubiKey
See YubiKey solutions for the latest updates.
Biometric Verification
Biometric verification is an attractive alternative because it is difficult to duplicate and the technology is attainable.
Ensure Data Verified Securely
Apple introduced fingerprint scanning with their iPhone 5S. As Apple quickly learned, the issue is privacy and personal security.
You don't want to be sending your biometric data to every site you log onto.
Microsoft provided biometric verification in Windows 10 with Windows Hello, provided you have the supporting hardware.
Intel True Key allows you to sign in with your face or fingerprint (on supporting hardware) and provides optional multifactor authentication.
Vendors, through the FIDO Alliance, are working on a standardized authentication protocol to verify your identity using a private key so that your biometric scan never leaves the device.
It is anticipated that this technology could eventually replace the tricky and risky use of passwords altogether.
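The key-based sign-in described above, as an added example (not from the original page or from the FIDO Alliance's specifications): a simplified challenge-response in Node.js where the biometric match only unlocks a private key on the device and the site stores nothing but a public key. The class names, the https://login.example origin and the string standing in for a fingerprint template are assumptions made for illustration; real FIDO messages carry more fields.

```javascript
const nodeCrypto = require("node:crypto");

// Device side: the biometric template and the private keys never leave this object.
class Authenticator {
  constructor(template) {
    this.template = template;          // constructed stand-in for a fingerprint template
    this.keys = new Map();             // origin -> private key
  }
  register(origin) {                   // enrolment: only the public key is handed out
    const { publicKey, privateKey } =
      nodeCrypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
    this.keys.set(origin, privateKey);
    return publicKey.export({ type: "spki", format: "pem" });
  }
  sign(origin, challenge, scan) {      // the local match only unlocks the key
    // Exact comparison is a simplification; real biometric matching is approximate.
    if (scan !== this.template) throw new Error("biometric mismatch");
    const key = this.keys.get(origin);
    if (!key) throw new Error("no credential for this site");
    return nodeCrypto.sign("sha256", Buffer.concat([Buffer.from(origin), challenge]), key);
  }
}

// Server side: holds a public key and issues single-use random challenges.
class RelyingParty {
  constructor(origin) { this.origin = origin; this.publicKeyPem = null; this.pending = null; }
  enroll(pem) { this.publicKeyPem = pem; }
  newChallenge() { return (this.pending = nodeCrypto.randomBytes(32)); }
  verify(signature) {
    if (!this.pending) return false;   // no outstanding challenge: reject
    const signed = Buffer.concat([Buffer.from(this.origin), this.pending]);
    this.pending = null;               // each challenge is accepted once
    return nodeCrypto.verify("sha256", signed, this.publicKeyPem, signature);
  }
}

function demo() {
  const origin = "https://login.example";            // hypothetical site
  const device = new Authenticator("constructed-template");
  const site = new RelyingParty(origin);
  site.enroll(device.register(origin));
  const sig = device.sign(origin, site.newChallenge(), "constructed-template");
  const result = { login: site.verify(sig), replay: site.verify(sig) };
  try {
    device.sign(origin, site.newChallenge(), "someone-else");
  } catch (e) { result.wrongFinger = e.message; }
  result.serverStores = Object.keys(site).sort().join(",");
  return result;
}
```

Calling `demo()` shows a valid sign-in, the same signature refused on replay, a non-matching scan refused on the device, and a server record with no biometric or secret field in it.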
It Can Be Used Against You
While convenient, you might find that biometric authentication, such as your finger, can be used to open your device or personal accounts without your express permission.
Choose carefully what items are verified by biometric data under certain circumstances such as when crossing borders.