Cloud IPP & Security Issues and Risk Managment Matrix
2/9/22, 11:24 PM Multifactor Authentication
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/multifactor-authentication.html?ou=622270 1/5
Multifactor Authentication
It is often a good idea to use two-level or multifactor authentication, instead of single-
level authentication, for network security. For example, organizations can make it
mandatory for all employees to use both a PIN and a password to log in.
A multifactor authentication system authenticates users via a combination of factors:
something they know (for example, a password), something they have (for example, a
smart card or token), and something they are (for example, as proven with a biometric
characteristic such as a fingerprint).
Multifactor Authentication Scenarios
After a security breach where an intruder gained access to the network by using an
employee's password, Programmers, Inc., has decided to move to a multifactor-based
authentication system. Programmers, Inc., installs a smart card reader at the entrance to
the office. This reader acts as the first authentication mechanism. The employees'
usernames and passwords act as the second mechanism. The IT security team installs
biometric systems at the entrances to the office, the data center, and the server rooms,
and those systems act as the third authentication factor.
The multifactor authentication system is easy to use and tough to break. However, it is
expensive to implement and maintain.
As for single sign-on, most banks provide their customers with a unique username and
password combination so that they can access their accounts online. However, usernames
and passwords are easy to obtain, making this a less than ideal solution (Imprivata, 2009).
A multifactor authentication system is the most secure authentication system the bank
can implement. Such an authentication system would authenticate users based on a
combination of factors: something they are (for example, a unique username that
identifies the user), something they have (for example, a USB token or certificate that the
Learning Resource
2/9/22, 11:24 PM Multifactor Authentication
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/multifactor-authentication.html?ou=622270 2/5
bank provides to its customers), something they know (for example, an SMS code the
bank sends the user on his or her mobile phone and that the user enters to access the site
or carry out a transaction).
Multifactor Authentication Overview
Often passwords alone do not provide adequate protection. One way of strengthening
security is to deploy more than one authentication method before users are allowed to
access a system. The process of using more than one means of authentication for added
security is known as multifactor or strong authentication.
The most commonly used form of multifactor authentication is two-factor authentication,
in which a combination of two separate security elements are used in tandem before
access is granted.
In general, authentication is based on three factor types:
Type 1: Something you know
Type 2: Something you have
Type 3: Something you are
For organizations that need to guard mission-critical data, additional factors should be
evaluated. An emerging approach to authentication is called adaptive authentication. This
approach evaluates the behavior of the user pre- and post-authentication, considering a
number of risk-based factors. Machine learning based on heuristics and user profile
characteristics might be employed with this approach.
Two-Factor Authentication
Two-factor authentication combines two security elements before allowing access to an
asset. Security elements may include a password, authentication tokens, or digital
certificates, and physical characteristics such as fingerprints. A two-factor authentication
is useful in safeguarding extremely sensitive information such as a confidential customer
data.
An extra layer of authentication can prevent unauthorized access to data.
Three-Factor Authentication
2/9/22, 11:24 PM Multifactor Authentication
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/multifactor-authentication.html?ou=622270 3/5
Three-factor authentication combines three security elements before allowing access to
an asset. Security elements may include a password, authentication tokens, or digital
certificates, and physical characteristics such as fingerprints. A three-factor authentication
is useful in safeguarding extremely sensitive information such as confidential customer
data.
The use of three factors can drastically reduce incidents involving phishing, Trojan attacks,
and identity theft.
Security Tokens
Security tokens are a commonly used multifactor authentication mechanism. A token is a
piece of hardware or a physical device that generates one-time security passwords
composed of strings of random numbers and characters, set to sync with the server.
Tokens are typically set to expire in one minute, so if the password is not entered in that
time, a new password will be generated by the token. It is important that passwords are
completely random to ensure the security of this method.
Smart Cards
Many organizations use smart cards to provide multifactor authentication mechanisms. A
smart card differs from a computer memory card in that it can read, store, and process
data. They can be created with programmable magnetic strips to allow the user to swipe
the card for access (Smart Card Alliance, 2004).
Biometrics
Identity theft and data fraud are huge security challenges for organizations around the
world. With the increase in online financial transactions, identity theft is also on the rise.
Even as organizations step up efforts to mitigate security threats, criminals find new ways
of breaching security.
Because identity theft is so prevalent and breaches are occurring at a higher frequency,
organizations are gravitating toward increased use of multifactor authentication
mechanisms. Biometrics are an attractive option because they offer a way of uniquely
identifying individuals based on physical and behavioral traits that do not change.
Biometric devices are designed to provide authentication by verifying a unique
physiological or behavioral characteristic that belongs to the user.
2/9/22, 11:24 PM Multifactor Authentication
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/multifactor-authentication.html?ou=622270 4/5
Selecting Strong Authentication Methods
In addition to considering an organization's unique security requirements, it is important
to weigh the benefits and costs of various strong authentication choices.
Cost
When considering total cost of ownership, there are two primary considerations: the
initial cost and the operating cost. It is also important to consider the types of incremental
costs with adding users to expanding the authentication model to other aspects of the
organization's enterprise.
Usability
Authentication methods should be as transparent as possible and not negatively affect the
way users are able to carry out their jobs.
Manageability
The application of authentication along with the management of user accounts and the
monitoring of their use plays an important part in the overall security of information
resources. The authentication method should provide centralized management along with
advanced capabilities including tracking events, auditing, and reporting capabilities.
Flexibility
Where there are differing requirements, an organization may deploy alternative
authentication methods. The authentication method should be capable of addressing
multiple functional requirements while also matching the risk profile of user groups.
Integration
The authentication mechanism should be capable of integrating with existing enterprise
applications such as single sign-on (SSO), virtual private network (VPN), internet protocol
security (IPsec) and public key infrastructure (PKI) authentication, and Remote
Authentication Dial-In User Process (RADIUS).
References
2/9/22, 11:24 PM Multifactor Authentication
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/multifactor-authentication.html?ou=622270 5/5
Imprivata. (2009). A more secure front door: SSO and strong authentication.
https://www.imprivata.com/sites/default/files/resource-
files/a_more_secure_front_door.pdf
Smart Card Alliance. (2004). Logical access security: The role of smart cards in strong
authentication. http://www.library.ca.gov/crb/rfidap/docs/SCA
Smart_Cards_and_Logical_Access_Report.pdf
© 2022 University of Maryland Global Campus
All links to external sites were verified at the time of publication. UMGC is not responsible for the validity or integrity
of information located at external sites.