Theft of usernames and passwords by cyber criminals is a common occurrence these days. In fact, a Russian crime ring stole Internet credentials last August, including 1.2 billion username and password combinations and more than 500 million email addresses. Such attacks plague organizations and agencies of all kinds because a password is a single, reusable secret: once it has been stolen or guessed, it is all an attacker needs to sign in as the user. To limit the damage when credentials are stolen, multifactor authentication (MFA) can be a critical component of any enterprise security strategy.
MFA is a simple best practice that adds extra layers of protection on top of the username and password. Factors fall into three categories: what the user knows (a password), what the user has (a security token or authenticator device) and what the user is (a biometric such as a fingerprint). For example, if MFA is enabled when a user signs in to a website, the user is prompted for a username and password (the first factor, what they know), then for an authentication code from their MFA device (the second factor, what they have), and possibly for a fingerprint scan (a third factor, what they are). Taken together, these factors provide increased security because an attacker who has captured the password still cannot complete the sign-in. Note that the factors must come from different categories: a second password or a security question is still "what the user knows" and does not count as a second factor.
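The following is an added example, not code from the original page or from Blue Mountain Data Systems, showing how a server would check the first two factors described above: a password (what the user knows) and a time-based one-time password from an authenticator device (what the user has). The OTP part implements RFC 4226 HOTP and RFC 6238 TOTP with the defaults most authenticator apps use (HMAC-SHA1, 6 digits, 30-second step), and enforces the single-use property by refusing to accept a time step that has already been consumed. The user name, password, and the shared secret "12345678901234567890" (the RFC 6238 test secret) are assumptions for the demonstration; the biometric factor is outside what can be shown in code.

```python
import hashlib
import hmac
import os
import struct
import time

# Defaults used by common authenticator apps (assumption, not from the page).
DIGITS = 6
STEP_SECONDS = 30


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time: int, step: int = STEP_SECONDS, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time."""
    return hotp(secret, at_time // step, digits)


class SecondFactorVerifier:
    """Server-side check of the 'what the user has' factor.

    Accepts one time step of clock skew on either side, and never accepts the
    same time step twice for a user, so a captured code cannot be replayed.
    """

    def __init__(self, skew_steps: int = 1):
        self.skew_steps = skew_steps
        self._last_used_step = {}  # user -> highest time step already accepted

    def verify(self, user: str, secret: bytes, submitted: str, now: int) -> bool:
        current = now // STEP_SECONDS
        for delta in range(-self.skew_steps, self.skew_steps + 1):
            step = current + delta
            if step <= self._last_used_step.get(user, -1):
                continue  # this step (or a later one) was already consumed
            if hmac.compare_digest(hotp(secret, step), submitted):
                self._last_used_step[user] = step
                return True
        return False


def hash_password(password: str, salt: bytes, iterations: int = 200_000) -> bytes:
    """Slow, salted hash for the 'what the user knows' factor."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


class MfaLogin:
    """Two-factor login: password first, then the one-time code."""

    def __init__(self):
        self.users = {}
        self.otp = SecondFactorVerifier()

    def enroll(self, user: str, password: str, totp_secret: bytes) -> None:
        salt = os.urandom(16)
        self.users[user] = {"salt": salt, "pw": hash_password(password, salt), "totp": totp_secret}

    def login(self, user: str, password: str, code: str, now: int) -> bool:
        rec = self.users.get(user)
        if rec is None:
            return False
        # Check the password before touching the OTP so an attacker without the
        # password cannot probe or burn the user's one-time codes.
        if not hmac.compare_digest(hash_password(password, rec["salt"]), rec["pw"]):
            return False
        return self.otp.verify(user, rec["totp"], code, now)


if __name__ == "__main__":
    # Constructed demo: the RFC 6238 test secret and an assumed user/password.
    secret = b"12345678901234567890"
    site = MfaLogin()
    site.enroll("alice", "correct horse battery staple", secret)
    now = int(time.time())
    code = totp(secret, now)  # what the authenticator app would display right now
    print("first attempt:", site.login("alice", "correct horse battery staple", code, now))
    print("replayed code:", site.login("alice", "correct horse battery staple", code, now))
```

The values asserted below for `hotp` and `totp` are the published RFC 4226 and RFC 6238 (SHA-1) test vectors for this secret; the replay check shows why a stolen code is worth far less to an attacker than a stolen password.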
A recent ABI Research survey estimated that the market for mobile MFA software and services will be worth $1.6 billion by the end of 2015. Help Net Security published the following details on the matter in a recent article:
[Recent events] have created significant market demand for mobile user authentication technologies that can be used to provide an additional factor of authentication, thus adding an extra layer of security. One-time-passwords (OTPs) and tokens have emerged as the preferred choice of authentication as they offer greater security because the password they generate is only valid for a single session/transaction.
Digital certificates based on the concept of public/private key cryptography are also an effective authentication mechanism. Public key techniques have been adopted in many areas of information technology, including network security, operating systems security, application data security, and digital rights management (DRM).
ABI Research calculates that the global managed mobile PKI software and service market will be worth US$74 million by the end of 2015.
Many financial enterprises and other organizations including Google, Facebook, Microsoft, Twitter, and Apple are already using two-factor authentication (2FA). One form of two-factor authentication requires hardware-based security tokens.
“In recent years hard tokens have been increasingly replaced by their software counterparts (soft tokens) which use either a smartphone app or the phone itself to supply a secret code for authentication. Other methods used to provide the second authentication factor include smart cards, security certificates, OTPs, and biometric scanning. A comprehensive solution will allow organizations to effectively enforce the appropriate method of authentication across applications, endpoints, and environments (on-premise and cloud) without burdening end users,” says Monolina Sen, ABI Research’s Senior Analyst in Digital Security.
For more information regarding the increase in the use of MFA technology, see the full Help Net Security article.
IT SECURITY SUPPORT: Blue Mountain Data Systems provides IT Security Support Services for Federal Civilian Agencies. Looking to find Vulnerability Scanning and Testing, Penetration Testing, Risk Assessment & FISMA Reporting for your Federal Agency? Call Paul Vesely at 703-502-3416.