Episode #10: What is MFA?
We learn about the three types of authentication methods that can help to protect your internet banking, email or social media accounts, and how combining any two of them can help to prevent a cyber compromise! Our AI friend also creates a wonderful 'Days of our Lives' style soap scene depicting a hacker being stopped by this security method...
What is MFA?
MFA stands for Multi-Factor Authentication. It is a security process that requires more than one method of authentication from independent categories of authentication methods, typically at least two of the following: something the user knows (password), something the user has (smartphone), and something the user is (biometrics). This provides a higher level of security than traditional single-factor authentication methods, such as a password alone.
Can you give me some examples of the three types of authentication methods mentioned above?
Sure, here are some examples of the three types of authentication methods:
Something the user knows: This can include a password, PIN, security questions, or a passphrase.
Something the user has: This can include a smartphone, a security token, a smart card, or a token generator.
Something the user is: This can include biometric information such as a fingerprint, facial recognition, or voice recognition.
It is important to note that a single-factor authentication method would be just one of the above methods (e.g. just a password) while multi-factor authentication would be a combination of two or more of the above methods.
What is the difference between a password and a passphrase?
A password and a passphrase are similar in that they are both used as a form of authentication to gain access to a system or service, but there are some key differences between the two.
A password is a single word or string of characters that is used to authenticate a user. Passwords are typically shorter and may include a combination of letters, numbers, and special characters. They are designed to be easy to remember but hard to guess.
A passphrase is a longer string of words or characters, often a complete sentence or phrase, that is used to authenticate a user. Passphrases are typically longer and may include spaces and punctuation marks. They are also designed to be easy to remember but harder to guess as they are longer than a single-word password. Passphrases have been shown to be more secure than passwords because they are harder to crack through a brute force attack.
In summary, the main difference between a password and a passphrase is their length and complexity. Passphrases are generally longer and more complex, making them more secure than passwords.
Can you share some examples of passwords vs. passphrases?
Here are some examples of passwords and passphrases:
I love playing soccer on Sundays
As you can see, passwords are typically shorter and may include a combination of letters, numbers, and special characters, while passphrases are longer and include spaces and punctuation marks. Passphrases are also harder to guess and more complex, making them more secure than passwords.
So, I should use a passphrase instead of a password as one form of authentication?
Yes, using a passphrase instead of a password can be more secure as they are generally longer and more complex, making them harder to guess. However, it's important to use a combination of methods for authentication, not just one.
Can you please explain how the 'something you have' authentication works and how I can easily add this to my online banking login?
"Something you have" authentication refers to using an object or device that is in the possession of the user to authenticate their identity. One common example of this is using a security token.
A security token is a small physical device that generates a one-time passcode (OTP) that is used in addition to a password to log in to an account. The token generates a new passcode every 30 seconds or so, and the passcode can only be used once. This means that even if a hacker intercepts the passcode, they will not be able to use it to gain access to the account because it will have already been used or will have expired.
To add this method of authentication to your online banking login, you will need to contact your bank and ask if they support security token authentication. If they do, they will likely provide you with a security token, or instructions on how to obtain one. Once you have the token, you will need to activate it and link it to your online banking account.
After that, when you log in to your online banking account, you will need to enter your password as usual, and then enter the passcode generated by the security token. This will provide an additional layer of security to your account, as the passcode can only be generated by the security token in your possession.
It's also important to note that some banks use a mobile App as the security token, which is called "push notification MFA" or "App-based MFA". The App will generate a push notification to the user's phone to confirm the login.
Based on our conversation, it sounds like enabling MFA on services I need to log into makes them hack-proof. Is that right?
Enabling MFA (Multi-Factor Authentication) on services you log into can provide an additional layer of security and make it more difficult for hackers to gain access to your accounts. However, it's important to keep in mind that no system or service can be completely hack-proof.
MFA is an effective way to protect your accounts from common hacking methods like guessing or cracking your password, or using phishing techniques to trick you into giving away your login information. However, it's important to note that MFA is not a magic bullet and it can't protect you from all types of hacking attacks.
Hackers are constantly finding new ways to gain access to accounts, and they may use advanced techniques such as malware, social engineering, or even physical attacks to bypass MFA. Additionally, if a hacker obtains your security token, they could still use it to generate passcodes and gain access to your account.
For this reason, it's important to keep your accounts protected by using MFA and other security measures, but also to be vigilant and aware of any suspicious activity, and to be cautious when clicking on links or downloading attachments from unknown sources.
It's also important to choose a strong passphrase and keep it confidential, and to keep your security token in a safe place. It's also recommended to update your software and operating system regularly and to use reputable security software.
The last authentication method you mentioned is 'Something the user is' and mentioned biometrics. What is 'biometrics'?
Biometrics is the measurement and analysis of unique physical or behavioral characteristics, such as fingerprints, facial features, iris patterns, voice patterns, or even typing patterns, used to identify and authenticate an individual. These characteristics are unique to each person and can be used as a form of authentication, known as "Something the user is".
The most common types of biometric authentication are fingerprint recognition and facial recognition. Fingerprint recognition uses fingerprints as a way to authenticate a user. It is typically used in smartphones and laptops as a way to unlock the device or to authenticate a user when making a payment. Facial recognition uses a camera to scan a person's face to authenticate a user. It is typically used in smartphones, laptops and other devices, as well as in physical access control systems.
Other types of biometric authentication include, but are not limited to:
Voice recognition: using the unique characteristics of a person's voice to authenticate a user.
Iris recognition: using the unique patterns of a person's iris to authenticate a user.
Hand geometry: using the unique shape and size of a person's hand to authenticate a user.
It's important to note that while biometric authentication can be more convenient and user-friendly than traditional authentication methods, it also raises concerns about privacy, data security and its reliability. Additionally, biometric data can be stolen, copied or even fabricated, so it's important to protect them with additional security measures such as encryption and access controls.
Can you write a 'days of our lives' style soap opera scene about a hacker failing to compromise my accounts because I use MFA?
Sure, here is a short "Days of our Lives" style soap opera scene about a hacker failing to compromise a person's accounts because they use MFA:
(Scene opens with a hacker sitting in front of a computer, typing furiously)
Hacker: (to himself) This is it, I'm finally going to crack John's online banking account. He's been so careless with his password, it's going to be a piece of cake.
(The hacker enters John's login information and hits enter)
Hacker: (to himself) What? It says my login attempt has been denied? That's impossible, I have his login information.
(The hacker types furiously again)
Hacker: (to himself) Oh no, it's multi-factor authentication! He's using a security token in addition to his password. I'll never be able to crack this.
(The hacker slams his laptop shut in frustration)
Hacker: (to himself) I can't believe it, John must have smartened up and enabled multi-factor authentication. He's protected his accounts from me!
(The scene fades to black)
It's important to note that this is a fictional scenario and not all hackers are trying to crack your personal accounts, but it's always a good idea to use multi-factor authentication to keep your information safe.