Multi-factor authentication (MFA)

Two-factor authentication (2FA) –or multi-factor authentication (MFA) in general – has grown in importance in security in recent years. This is about how users (employees and customers) authenticate to systems. 

First of all, authentication by username and password is called One-factor authentication (1FA). However, in order to increase safety, 2FA or MFA has been increasingly used in recent years. For instance, one possibility for a second factor is the Time-based One-time Password (TOTP) method, which is probably the best known method used in countless applications. For example, the TOTP procedure is used by Google and Microsoft in the Authenticator app. Also, many may remember the tokens of e-banking systems, which had to be renewed every 60 seconds. 

To sum up, this combination between username/password and a second system, which is mostly based on personalized hardware such as your mobile phone, is considered to be 2FA.

The possible authentication factors can be divided into three different categories:

  • Knowledge: the user has certain knowledge, which is known only to him. For example, these are passwords, pins, or answers to security questions
  • Biometrics: the user clearly uses biometric features such as his fingerprint, face or iris pattern
  • Hardware: the user owns an item that helps him with authentication. For example, a code generator, an SMS or an email to his mobil telefon. Or hardware in the form of a card or token.

Challenges:

1. Data is more secure from third-party access. 

Usernames and passwords of customers and employees are vulnerable to theft, for example, they are either not complex enough (in many cases only a few letters such as “123456”) or can be read out by Trojan. Another vulnerability is the writing down of passwords, either physically or digitally. Therefore, 2FA / multi-factor authentication can prevent attacks despite successful password entry.

2. They increase their reputation towards customers. 

Many customers don’t mind taking an extra step when they know it serves their safety, because, they gain additional trust when they know that the security of their data is important to the company.

3. Productivity can be increased or maintained. 

As data access becomes more secure, employees can increasingly be allowed to work from home.

In times like the current coronavirus crisis, it helps to maintain productivity, but, in normal times, employees can increasingly access the systems from home or on the go. According to the Harvard Business Review, this can lead to an increase in productivity of up to 13% (Harvard Business Review).

4. Lower operational costs. 

Access for hackers is made more difficult and this can minimize system failures.

The EU-wide GDPR Guidelines, as well as the Data Protection Act adapted to Switzerland, requires notification to the Confederation if personal data is lost, deleted, destroyed or altered or if unauthorised persons are disclosed or made available to persons (Art. 4 lit. g E-DSG). In conclusion, improved security measures can prevent fines.

5. Armed for possible standard. 

2FA or MFA can be used by the Federal Council as a standard for companies with sensitive data with regard to data security (Art. 7 Data Security & Art. 11 E-DSG).

 

In conclusion, organizations that are serious about security have no choice but to implement multifactor authentication, since it is currently a recognized and proven practice to authenticate users with multiple factors to protect sensitive data.

OUR SERVICES

The increase in the use of technology in all areas of life has also led to a sharp increase in cyber crime. In Industry 4.0 you work in a network and is always available. The data will become part of the core business. In addition to new market opportunities, this change also entails new security risks. Targeted cyber attacks with the goal of getting money or company secrets are increasing rapidly. Akana supports companies and organizations in all industries in implementing a successful IT security strategy. Our experienced consultants also actively support the implementation of IT security measures so that your company is well protected.

INSIGHTS

The corona pandemic has digitized our everyday life. In response to the pandemic and to shape their digital future, companies are increasingly using the advantages of cloud infrastructures such as Amazon Web Service, Microsoft Azure, Google Cloud, Alibaba, IBM or Oracle. But what is a “cloud”? What are the advantages for companies? And what do companies have to consider in the area of security and data protection? An analysis.

Element, WhatsApp, Threema, Signal, Telegram, Vibr, Wickr Me and Wire are not rock bands or fashion labels, they are instant messengers that enable the immediate exchange of text, video or voice messages with one or more recipients over the Internet. Thanks to smartphones, these messengers became extremely popular in a private as well as business context, since they allow data sharing in no time. The announcement of WhatsApp at the beginning of this year that the terms of use will be updated, moved data protection and the security of messengers to the fore. But what does this mean for WhatsApp users? How secure are messengers in general? And how are the messages securely stored and transmitted? This article compares four popular messengers – WhatsApp, Threema, Signal, and Telegram – to answer these questions.[1]-[3]

Identity and access management (IAM) is the discipline to enable the right individuals to access the right IT resources, such as systems applications, files, and networks, at the right time for the right reasons. This often needs to be enabled across diverse technologies and the resulting processes must meet the security policies of the organization. The IAM system is a critical part of IT infrastructure of any larger organization.

VIDEO

Our IT security expert Michael Fedier talks about the 7 steps to take your IT security to the next level and how we do IT security consulting at Akana.

Our way of working has been turned upside down by the corona virus. Companies had to offer their employees the opportunity to work from home in the shortest possible time. It was not only a challenge to provide the necessary infrastructure. Not infrequently, the necessary safety precautions were also neglected. Thanks to the home office, productivity can be maintained as much as possible. But the new way of working is susceptible to hackers who want to profit from the current situation.

OUR SERVICES
Share with Others
Share on facebook
Share on twitter
Share on linkedin
Share on xing
Share on pinterest
Share on email
Share on print

ALWAYS UP TO DATE

AKANA NEWSLETTER