Written by Elliott Abraham, CISSP
Senior Security Architect at ADAPTURE

What is Authentication?

Authentication is the means by which an entity validates that they are in fact who they claim to be. The most commonly used types of authentication are the very basic username and password. However, this presents a very real challenge for us. Our passwords are often easy to guess, easy to brute force, or easy to steal in other manners. As witnessed with the recent Google Docs Phishing attacks, the need for better or stronger authentication is of paramount importance. Here are some practical ways an organization can protect itself with stronger authentication.

Authentication is a function of some combination of:

  • Something You Have – I have an ID
  • Something You Know – I know my password
  • Something You Are – I am my biometric identification markers (ie: fingerprints)

What is Multi-Factor Authentication?

Many of our most frequently used systems are equipped to support Multi-Factor Authentication (MFA). These systems require a user to enter not only his or her username/password combination but some separate form of authentication, such as a PIN, a token code, or a fingerprint or retinal scan. For many years, Google has offered MFA in the form of its Two-Step Verification. Google has long provided Google Authenticator, which many other organizations now use as part of their MFA setups. For example, Amazon Web Services can use the Google Authenticator with Its MFA in the Identity and Access Management console.

Had users victimized by the Google Docs Phishing attack been using Two-Step Verification, Google claims they would have been unaffected. At this point, users should demand that their application providers offer MFA. If the mechanism doesn’t exist, consider requesting that feature or using a different application. Your data and your sensitive information is often only protected by an authentication system. All critical information systems in the enterprise should be protected by MFA access.

If you are unsure how to implement MFA in your organization, contact the architects at ADAPTURE today to schedule a consulation.

Categories: Cybersecurity, Security