Introduction to Multi Factor Authentication (MFA)

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

you have probably heard of two-factor authentication and multi-factor authentication before. In this video we're going to see what they really are and how they improve the security of our network. To access certain services we generally need to be authenticated and authentication is all about proving that you really are who you claim to be. There are three primary methods called factors to prove who you are these are known as 'what you are', 'what you know', and 'what you have'. Some people also like to add where you are and what you do to this list now this definitely sounds weird at first but it will all make sense soon the first form of authentication that would jump to your mind is a username and password this is an example of something that you know. That is only you know your password so if you enter it correctly you must be who you say you are. Another example of what you know is a pin that you might use when entering a secure building or withdrawing money at the bank. This isn't foolproof though what happens if someone steals your password they might guess it maybe you share it with them both of which you should be trying to prevent. But even if you have an unguessable password and don't share it a website you use might be compromised and your password could be stolen that way. If you're skeptical i guarantee that it does happen take a look at the link here for example this site lists whether your password has been stolen from a compromised site at one time or another so the problem then is that a single factor can be too easily compromised. If that happens someone else can authenticate as you. What we can do then is add an additional factor for example when you log on to a website it might send a code to your phone which you are then required to type in you must have the phone in your possession for this to work. This is an example of what you have if someone were to compromise your password they would then also need to steal your phone it's now a lot harder to log in as you this has been around for quite a while think of withdrawing money from the bank you need a bank card which is something you have as well as a pin which is something you know this could also be an app on your phone like google authenticator or a physical device that you carry with you called a key fob and that's the guts of multi-factor authentication adding security by using more than one authentication factor. You've probably used this before and maybe you've not even realized it think about when you do your online banking for example you open a web page you enter your username and password and perhaps an account id. This is the first factor of authentication the bank sends a code to your phone which you need to type in this is the second factor only you should be in possession of both the login details as well as the phone so you have now proven that you really are you if you would like to try this out i recommend looking at an application called duo security they have free accounts that you can use with a website like wordpress. We mentioned three main factors at the start of the video are you wondering what the 'what you are' factor is? it's basically using some sort of biosecurity that means fingerprints, retina scans, that sort of thing it's essentially using some part of you to prove you are who you say you are so that means you could use all three factors in some cases. Use a password to log in send a code to an app on your phone and then needing a fingerprint to unlock your phone. To compromise this an attacker would need to steal your password steal your phone and then somehow coerce you to unlock the phone for them either that or steal your finger which is a pretty grisly thought traditionally these are the three factors of authentication but some people like to consider two more. The first is where you are this could be something like an access list on a firewall restricting logins to certain locations. However that doesn't really prove your identity so i think it's a bit of a stretch. The other is what you do which has some relatively new applications this is something that you do uniquely like a signature some technologies like Capcha can look at details like how you move your mouse which a robot would find hard to forge. Once again though these are more focused on proving that you're human rather than who you are and that's how MFA works. I hope you can see the benefits of using this and are keen to give it a try. In my experience though the tricky bit is convincing your users

Info

Channel: Network Direction

Views: 11,902

Rating: undefined out of 5

Keywords: Network direction, Multi factor authentication, Mfa, Two factor authentication, 2fa, Authentication, Factors, What you are, What you know, What you have, Username, Password, Pin, Haveibeenpwned, Key fob, Duo security, Google authenticator, biometric

Id: STI6vtKtHpU

Channel Id: undefined

Length: 4min 50sec (290 seconds)

Published: Tue Oct 20 2020