Security Management: What is Multi-Factor Authentication and why do you need it?
Managing secure access to internal, on-premise systems has always been important, but robust user authentication procedures are critical now that many organizations are implementing online/Cloud-based solutions and services, where staff may log on to your business systems from many different devices and locations.
Relying on passwords is no longer enough. These days, most of us have far too many accounts to use and remember complex passwords for all of them. Password management systems are available, of course, but many people don’t bother with them. When creating accounts on websites, too many people use the same old passwords again and again. They might think that they’re great ones, that no one could possibly figure out… but, what if they are wrong…? Then there’s the danger that someone could gain unauthorized access to that person’s accounts… which may include your business systems.
Multi-Factor Authentication is an important means of reducing this risk.
What is Multi-Factor Authentication (MFA)?
It’s a method of requiring people to use 2 or more different methods (or factors) to confirm their identity before granting them access to a system.
Unlike passwords alone, which only require the user to present something they know (which could have been acquired or deduced by an unauthorized user), MFA also requires them to use something they have (such as a bank card or a phone), and/or something they are (i.e. something unique to that person, such as a fingerprint or retina scan).
2-Factor Authentication (also known as 2FA), a type of MFA, requires users to identify themselves using a combination of 2 of these factors. For example, ATM withdrawals use two-factor authentication; you can only get the cash if you use the correct combination of bank card (something you have) and PIN (something you know).
How 2-Step Verification works
Commonly used apps such as Google Authenticator deploy a variation of 2FA, known as 2-Step Verification. The user confirms their identity using a combination of a password (which, of course, they know) plus a second factor. In the case of Authenticator apps, the second step usually involves inputting a code which is generated on a device, such as a phone, which has previously been verified by the app and the target system as belonging to that user (i.e. something they have).
To verify the user’s device initially using Google Authenticator, the target system will display a QR code to an authenticated user, which the user then scans with his or her device to verify that the device belongs to them, and that they are an authenticated user of the system. Once 2-Step Verification is set up for that user, they will then be required to input their password, plus a code generated by Google Authenticator on their verified device, to gain system access.
You can see an example of it in use on our QCloud Audit Service in this short video on 2-Step Authentication.
If you’re considering implementing solutions and services within your enterprise, it’s imperative to ensure that they incorporate MFA to allow you to verify users and minimize the risk of unauthorized access.
You can also find out more about tools which can help you with other aspects of managing your ERP security.