Multi-factor authentication

By Matt Belyus
Valet Technologies

Thank you for checking out the Valet Tech corner. We will be writing tech articles without all the tech jargon so you can better understand the technology and how it can benefit you.

With the need to secure your online accounts, many vendors require multi-factor authentication (MFA or 2FA). From Wikipedia: “Multi-factor authentication (MFA; encompassing authentication, or 2FA, along with similar terms) is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something only the user knows), possession (something only the user has), and inherence (something only the user is). MFA protects user data—which may include personal identification or financial assets—from being accessed by an unauthorized third party that may have been able to discover, for example, a single password.” We wanted to give an official definition so we can better go about telling its use.

One software package that is heavily pushing MFA is Microsoft Office 365. We recently posted on our Facebook and LinkedIn pages about a new attack on Office 365. The attack is a brute force attack on passwords. The attackers have software that will try the most common passwords to access your accounts. These attackers also realize that once they are into your account, the chances are that you have used the same password for other accounts such as credit cards, banking, etc. The attack only works for accounts not using MFA. If the software you use supports MFA, we strongly encourage you to set it up.

The most common MFA setup is to use an “authenticator” software on your smartphone. The most common ones are from Google and Microsoft. Both will work for any software you use, so there usually is no need to have multiple authenticators. I did say “normally” since some specialized software may require you to use their authenticator, but this is very rare. The authenticator software is available from the App stores for Apple and Android. After you install the authenticator software, you can set up MFA for your online accounts. These accounts will typically have a QR code to scan with your phone or enter a numeric code to associate the authenticator software. After set up is complete, you will see the software listed and a six digit code which you software will prompt you for when you login. This may seem like a lot of work to get into accounts, but what would compromised account cost you?

In the coming weeks, we will be going more in-depth on securing accounts. If you have a particular topic, you would like us to cover just let us know.

Check us out at www.valettech.net, or feel free to email us at [email protected], and we will be happy to answer your questions.