Better Authentication Options in 2022
Deep Core Data, LLC
We're here to keep all your technology operating smoothly and safely.
In light of this alarming news, this week, we’re going to briefly review which types of MFA tokens are most secure. Up next, we’ll talk about other tips and strategies for improving the security of your MFA-protected accounts.
In brief, MFA refers to systems that require more than one type of authentication to access. Typically, this means entering a password and doing a second thing, such as clicking a link in a recovery email, entering a code you were texted, choosing “approve” on a notification on your phone, or physically connecting a device to your computer.
Not all MFA options are equally secure.
5. The worst MFA option is no MFA at all.
If only some of the options below are possible for you, it is still better to choose the strongest option your account provider supports than to have no MFA option on your account. Not having MFA makes accounts much, much easier for hackers to take over, and enabling MFA is one of the basic internet security steps we recommend to everyone.
4. Email
MFA emails or sign-in verification emails are the second-worst option, often timing out in ten minutes or more – and making it easier for someone who has broken into one email account of yours to take over other accounts. If you must use email, for instance, for an electronic medical record or banking system, it is best to use an email account that is protected with one of the more robust MFA options.
3. SMS
SMS (recovery text messages) are the third-best MFA option. They typically time out more slowly than hardware or software TOTP (Time-based One-Time Password) options. More alarmingly, depending on your cellphone provider and location, they may be easier to intercept than dedicated hardware or software tokens. Unlike email, however, taking over or intercepting text messages directed to your phone number is relatively complex and expensive.
2. Hardware
Physical hardware tokens are the second-best MFA option. Their weaknesses are about practicality more than security. Something like a smart card, Yubikey, or other specialized physical tokens that store your TOTP MFA token is very, very hard for anybody else to access – but it can be tricky for you to access, too, because this type of token can be expensive to buy and easy to lose or damage.
1. Smartphone Apps
Using a smartphone app from a major company such as Microsoft or Google means that you can acknowledge a notification instead of typing, creating a smoother and more pleasant user experience. Importantly, people are much less likely to forget or lose their phones than a hardware token. Software-based tokens of this kind are very, very difficult to compromise in most cases. We’ll talk about exceptions and caveats to this next time.
Thank you for reading! If you have more questions about MFA or account security in 2022, please don’t hesitate to contact Deep Core Data, and be sure to tune in later this month for more information about securing MFA.