Understanding Multi-Factor Authentication

January 23, 2020

The password: it is arguably the most popular and most common security measure available, and it is often also the most vulnerable.  It seems like every other news cycle contains a story about a data breach and millions of compromised passwords.  And what is the response of most organizations in the event or threat of a data breach?  It is to change user passwords.

But the password has a lot of shortcomings.  For starters, passwords do not provide a strong enough verification of identity.  Anyone who gets a hold of the password can simply unlock an account and do as they wish once access is granted.  In addition, the security of the account is based solely on the strength of the password, which, as we all know, is usually not strong enough. Nobody remembers a string of characters containing uppercase, lowercase, numeric, and special characters.  Users want something simple and easy to remember.  The dark flipside to that coin, however, is that it unwittingly makes the account very easy to hack.

This is the reason why organizations are adopting multi-factor authentication (MFA) to supplement the password as a means of access control, or in some cases, as an actual alternative to passwords.

What is Multi-Factor Authentication?

Multi-factor authentication (MFA) is a security enhancement that verifies a user’s identity by requiring two or more pieces of evidence when logging into or accessing an account.  So, end users must present at least two forms of identity verification before logging in.

The goal of MFA is to create a layered defense and make it more difficult for an unauthorized person to access a target such as a physical location, computing device, network, or database.  If one factor is compromised or hacked, the attacker still has at least one more barrier to breach before successfully gaining access to the target.  In the past, MFA systems typically relied upon two-factor authentication. Increasingly, vendors are using the label "multi-factor" to describe any authentication scheme that requires more than one identity credential.

What factors are actually involved in a multi-factor authentication process?

To be granted access to an account protected by multi-factor authentication, users must combine verification factors from at least two of three different groups instead of just a single password.  These groups are:

1. Something You Know

This is usually a password, PIN, passphrase, or questions and their corresponding answers.  In order to successfully authenticate using this factor, the user must enter information that the system can then match against what was previously set up or stored.

2. Something You Have

Before smartphones became commonplace in the business landscape, users would carry around tokens or smartcards.  These devices would generate a one-time use code that could then be typed or entered into the system.  Today, most businesses use smartphones as the device that generates these codes or allows them to respond back to a server with a one-time use code behind the scenes.

3. Something You Are

These are biometric traits that can be used to identify a unique user, and include fingerprints, retina scans, facial recognition, voice biometrics, and a user’s behavior (such as how hard or fast they type, move a mouse, or swipe on a screen).

With multi-factor authentication, security is strengthened because users are required to enter not only a password, but also another authentication factor—something that would be much harder for hackers to steal.

A Vital Element of Cyber Security

Increasingly, many organizations are recognizing the threat of data breaches.  The frequency and scope of these breaches continue to rise, which is one of the reasons why cyber security has become a top priority for many organizations, especially with the rise of cloud communications.  To address this concern head-on, the majority of organizations have turned to and are implementing MFA.  In fact, the multi-factor authentication market is expected to reach $12.5 billion by 2022.  This shows that a lot of organizations think that MFA is, right now, one of the best security measures that can be implemented to protect your company, users, and sensitive data.

Multi-factor authentication provides a layer of protection for both employees and customers against hackers, scammers, and thieves.  It mitigates the ripple effect of compromised credentials: a hacker may steal a username and password, but if they’re prompted for another factor before they can access critical data, make a transaction, or log into a system, they’re stopped cold.

Implementing MFA

So, it’s all about adding factors.  But how an MFA solution is implemented is just as important as the credentials it’s asking to validate.  A good multi-factor authentication method combines two or more factors in a convenient way.  The usability of the implementation must always be the first consideration when installing a multi-factor authentication system.

Why?  Because nobody can be expected to remember a 16-digit password with special characters, answer a question about their third-grade teacher’s favorite pet, then input a one-time-password generated by an app, and finally type in arbitrary text while wiggling the mouse to determine their behavior pattern.  A good multi-factor method should be just as simple and convenient to use as the original computer-based authentication method: the password.

Even when applying multi-factor authentication, organizations can still stay focused on customer experience.  The good news is that multi-factor authentication can be seamless.  It’s just a matter of choosing the right authentication methods.

Seamless Authentication Across Channels

NICE Real-Time Authentication (RTA) provides end-to-end authentication and fraud prevention for contact centers.  Based on voice biometrics, it automatically verifies the caller’s claimed identity within the first few seconds of a call through natural conversation with an agent.

Leveraging its unique Single Voiceprint capability, RTA uses the same voiceprint across channels, allowing effortless authentication in the Interactive Voice Response (IVR) or mobile application as well.  Combining voice biometrics with additional authentication factors, RTA offers risk-based authentication across multiple channels.

It improves the level of security, reduces operational costs, and the best thing is… consumers don’t even notice it!