Multi Factor Authentication: Evolution of a Password | Fibernet

Evolution of a Password

password keyWith numerous substantial cyber security breaches in 2017, organizations around the world have been looking for additional safeguards to protect their data and systems. It’s become apparent to many that your password may not be good enough anymore. Predictions from industry experts indicate that a move to dual factor or even multifactor authentication is imminent.

What is multi-factor authentication, and what does it mean for you? Dual factor authentication usually combines something you know (your password) with something you have (a smartphone, USB Security Key). Most folks are familiar with Google’s verification where it texts a 6-digit code to your smartphone. That’s dual factor authentication.

Multi-Factor Authentication adds an additional layer of security to the mix by adding something you are (facial recognition, iris scanning, or fingerprint sensors). Thus, to log in you provide your password, a six-digit code that is automatically texted to you, and your face in front of a webcam.

Experts indicate that this will be a growing trend in cyber security in 2018, and a point of emphasis especially for organizations that need to store sensitive data. Banking, healthcare, and financial services companies are expected to invest heavily in identity management solutions so that they can avoid becoming the next Equifax.

Another evolving technology that is helping businesses worldwide to better secure sensitive data is risk-based authentication. RBA dynamically applies various levels of strictness to the login process according to the risk level. The higher the risk, the more restrictive the login process becomes. If a user changes geographic location or IP address, it can trigger additional authentication requirements.This kind of smart security is often powered by an artificial intelligence engine.    

The good news is that users are finally starting to see value in stronger authentication processes. Recent high-profile data breaches in the news have made the public more aware than ever of the risks they face daily. As a result, they are more willing to take the extra few seconds needed for a stronger authentication process.

Competitive concerns are holding back some companies from implementing a different authentication process that might make their services harder to access. Their concern for a potentially degraded user experience in some instances outweighs their desire for secure applications. Companies worry about losing market share to a competitor if their security is too cumbersome.

The technology for dual or multifactor authentication is already in place. There isn’t a need to reinvent the wheel here. The barriers most organizations face are more people, process, and culture oriented. They don’t know how to implement new security or have objections to how it will change their processes or works flows.

Organizations that invest in security now will reap the benefits in the future. Consumers are becoming more and more security conscious and will be demanding better security to do business. This is especially true of organizations that secure sensitive data such as the finance and healthcare industries. Smart business owners are proactively taking extra measures to secure company data.

The moral of the story is that the next time you’re asked for additional information or a second verification to log in to a website, don’t be annoyed. Take the time to do it, and rest assured that the business behind it has your best interest at heart. They want to keep your data and identity safe.

Also, if you’re a business owner that has client facing web resources, it might also be in your best interest to see how you could incorporate dual or multi-factor authentication into your products to make them more secure.

About the Author: Mike Herrington works for i.t.NOW a Utah based managed services provider and is a 10-year veteran of the IT services industry. He consults with small and medium businesses to address their needs for IT support and security.