By Zach DeMeyer Posted January 22, 2020
Multi-factor authentication (MFA) is now one of the core methods for securing user access to IT resources. Many organizations are evaluating their options for adopting MFA policies. One such option is push notification-based MFA, but what benefits does it offer over other options?
For starters, let’s first talk about MFA in general, as well as several of the MFA options available.
What is MFA?
Multi-factor authentication (also called two-factor authentication or 2FA) is the practice of requiring an additional factor beyond the standard username/password combination requested at most logins. Oftentimes, these factors are colloquially known as “something you know, something you have, and something you are.”
“Something you know” includes username/password credentials, but also applies to security questions or similar factors. “Something you have” pertains to device-based MFA options like mobile passcodes or physical keys. “Something you are” generally refers to biometrics. We will go into more detail on these later.
Why Use MFA?
According to Symantec, 80% of recent breaches could have been prevented with the use of an additional authentication factor. This statistic makes sense considering Verizon found that around 81% of data breaches in the past several years were due to compromised credentials. If said credentials were backed by MFA, the perpetrators who compromised them would have a significantly harder time leveraging them in an attack.
But, how much of an effect does an additional factor have? Well, Google’s security blog studied the effects of MFA on account takeovers. Here’s what they found:
The chart above details the efficacy of the six most popular “something you have” and “something you know” MFA methods. Clearly, MFA has significant security benefits when protecting compromised credentials against a full takeover and breach.
Despite this, LastPass reports that only 26.5% of businesses surveyed enforce some form of 2FA on their accounts. With that in mind, let’s talk about the variety of ways an organization can implement multi-factor authentication.
What MFA Options Are Available?
SMS-based MFA is one of the more widely-used forms of MFA in use today. This method (Read more…)