What is the most secure Multi-Factor Authentication method?

Are you using the most secure method to protect your accounts?

In our latest Cyber Tip of the Month, PROTECT+ Security Consultant Russell Bull talks all things Multi-Factor Authentication, including what it is, common methods – and the most secure forms of MFA you should use to protect your accounts. This special edition of Cyber Tip of the Month is part of our Cyber Security Awareness Month campaign – visit our insights page for more ways to protect yourself and your organisation.

Cyber Tip of the Month Multi-Factor Authentication

Credential theft is one of the most significant cyber security threats, with more attackers finding ways to hack into systems and steal user account login credentials. Passwords are not strong enough to protect our accounts anymore, with 14% of breaches involving the exploitation of vulnerabilities as an initial access step, almost triple the amount from last year’s report.

So, what’s the best way to secure your accounts and block attacks and unauthorised access? The answer is Multi-Factor Authentication, also known as MFA.

Multi-factor authentication is essential if you want to build a powerful wall of defence for your accounts. It’s shown to block up to 100% of attacks and fraudulent login attempts – but it all depends on your chosen MFA method.

What is Multi-Factor Authentication?

Multi-factor authentication (MFA) adds an extra layer of security, ensuring that only you can access your accounts. Instead of relying solely on a password, MFA requires you to verify your identity using two or more methods. This combination of authentication steps makes it much harder for unauthorised users to gain access and keeps your accounts secure.

How does Multi-Factor Authentication work?

To secure our information, we use three authentication factors: something you know (like passwords or PINs), something you have (like security keys or tokens), and something you are (like biometrics). Multi-factor authentication (MFA) combines these to create stronger account protection.

Even if a hacker steals your password, they can’t access your account without your MFA device, whether it’s a security key, fingerprint, or authenticator app. Although no method is foolproof, MFA makes unauthorised access significantly harder, and some methods provide more robust security than others.

The most common Multi-Factor Authentication methods

MFA methods come in various forms, but not all offer the same level of security or convenience. Some options are easier to use, while others provide more substantial protection. Understanding the differences is critical to selecting the best method for your needs.

The most common MFA methods are:

  • Email
  • SMS
  • Random pin
  • Biometrics
  • Authenticator app
  • Security key

We know we need to use at least two options for solid security on our devices, but where do you start? Let’s examine the pros and cons of these six MFA forms and find the most secure method.

Email link

Email links are one of the most straightforward and convenient Multi-Factor Authentication (MFA) methods, as they don’t require extra hardware or software. However, this convenience comes at a cost: email-based MFA is also one of the least secure options, because an attacker who has compromised your mailbox can read the link. It’s highly vulnerable to attacks and easier to compromise. While it’s better than just a password, it’s far from the most robust choice for protecting your accounts.

SMS

SMS-based Multi-Factor Authentication (MFA) is widespread and convenient, requiring only a phone to receive text messages. When logging in, you’ll get a time-sensitive code via text. While easy to use, SMS MFA has security flaws. Hackers can clone SIM cards or hijack phone numbers, gaining access to your MFA codes. Additionally, attackers can intercept your text messages if your phone is linked to a compromised computer. Though widely used, SMS MFA provides only moderate security.

Random PIN

Random PINs can enhance account security, but they aren’t without flaws. Like passwords, even long PINs are susceptible to guessing, phishing, and brute-force attacks. Relying on PINs or passwords alone isn’t enough. To truly protect your accounts, always combine them with another form of Multi-Factor Authentication, such as the methods I will share below.

Biometrics

Biometrics, like fingerprints or facial recognition, offer a convenient and secure way to protect your accounts—after all, you can’t lose them, and they’re always with you. However, even these unique identifiers aren’t foolproof. High-definition images or latent fingerprints can be used to replicate them. Worse yet, if compromised, your biometrics are compromised for good—you can’t simply change your fingerprint. This also raises privacy concerns, as sharing your biometric data with others comes with risks.

Authenticator apps

Authenticator apps like Google Authenticator and Microsoft Authenticator are convenient for MFA, generating rolling codes for added security. However, they have drawbacks. If your smartphone is lost or stolen, your authentication could be compromised, so choose an app that allows deactivation on a lost device. These apps are also vulnerable to malware, and users may unintentionally approve fraudulent login attempts due to habit or MFA fatigue.

Attackers may bombard users with push notifications until they approve access. For more insights on reducing MFA fatigue risks, PROTECT+ Senior Security Consultant Anthony Jones offers helpful advice.
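The "rolling codes" mentioned above are time-based one-time passwords (RFC 6238): the app and the server share a secret and each computes an HMAC over the current 30-second time step. The following is an added example, not code from the article or from any authenticator app; it assumes the RFC 6238 test key (a constructed demo secret) and shows the verifier side too, including a small clock-skew window and a used-step set that rejects a code replayed within that window.

```python
import base64
import hashlib
import hmac
import struct
import time

# Constructed demo secret: base32 of the RFC 6238 test key "12345678901234567890".
DEMO_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def hotp(secret_b32, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    key = base64.b32decode(secret_b32.upper() + "=" * (-len(secret_b32) % 8))
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # low nibble of the last byte picks the window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret_b32, unix_time=None, step=30, digits=6):
    """RFC 6238: the HOTP counter is the number of `step`-second intervals since the epoch,
    which is why the code changes every 30 seconds on both the phone and the server."""
    now = int(time.time()) if unix_time is None else unix_time
    return hotp(secret_b32, now // step, digits)

def verify_totp(secret_b32, candidate, unix_time=None, step=30, window=1, used_steps=None):
    """Server side: accept the current step and +/- `window` neighbours to absorb clock
    skew, compare in constant time, and (if `used_steps` is given) refuse a time step
    that already produced an accepted login so a captured code cannot be replayed."""
    now = int(time.time()) if unix_time is None else unix_time
    current = now // step
    for delta in range(-window, window + 1):
        step_no = current + delta
        if hmac.compare_digest(hotp(secret_b32, step_no), candidate):
            if used_steps is not None:
                if step_no in used_steps:
                    return False                  # same code presented twice: replay
                used_steps.add(step_no)
            return True
    return False

if __name__ == "__main__":
    print("current code:", totp(DEMO_SECRET))
```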

Security key

Experts say that security keys are the most secure form of Multi-Factor Authentication. A Google study found that “70% of Google Accounts owned by people regularly using our products automatically benefit from second-factor authentication that confirms their identity when a suspicious sign-in is detected.”

A security key is a physical token you can insert into a PC or device to authenticate the login. It’s usually smaller than a thumb drive and must be carried by the user when they want to log into the account. A physical token cannot be copied and works offline, providing the best assurance for account security.

While that sounds great, users must know that a security key still has weaknesses since the physical token can be lost or stolen.

What is the most secure Multi-Factor Authentication method?

The most secure Multi-Factor Authentication method is a phishing-resistant type of MFA, which means that attackers cannot intercept or dupe users into providing account access. Phishing-resistant types of MFA include the FIDO2 and WebAuthn standards and hardware-based security keys. This method combines the security of physical tokens and biometrics to create a highly secure method of authenticating user access.
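What makes FIDO2/WebAuthn phishing-resistant is that the browser records the real origin in the signed client data and only allows an RP ID that matches that origin, so a look-alike site cannot obtain or relay a valid assertion. The following is an added model of that flow, not code from the article or from any FIDO2 library; it assumes a constructed credential for the RP ID "example.com", and the authenticator's per-RP signature is modelled with HMAC-SHA256 (real FIDO2 uses an asymmetric key pair) so the example runs on the standard library alone.

```python
import hashlib, hmac, json, os, struct

# Constructed demo state: one credential registered for RP ID "example.com".
# Real FIDO2 signs with a per-RP asymmetric key pair; HMAC-SHA256 stands in
# here so the example runs on the standard library alone (an assumption).
RP_ID = "example.com"
RP_ORIGIN = "https://login.example.com"
CRED_KEY = os.urandom(32)
authenticator = {RP_ID: {"key": CRED_KEY, "count": 0}}  # keys are scoped by RP ID
relying_party = {"key": CRED_KEY, "sign_count": 0}

def signed_payload(key, auth_data, client_data):
    return hmac.new(key, auth_data + hashlib.sha256(client_data).digest(), hashlib.sha256).digest()

def get_assertion(origin, rp_id, challenge):
    """Browser plus authenticator. The browser refuses an RP ID that is not the
    origin's host or a parent domain of it; the authenticator has no key for a
    look-alike domain. Both checks are what make FIDO2 phishing-resistant."""
    host = origin.split("://", 1)[1].split("/", 1)[0]
    if not (host == rp_id or host.endswith("." + rp_id)):
        raise ValueError("RP ID %r not allowed for origin %r" % (rp_id, origin))
    cred = authenticator.get(rp_id)
    if cred is None:
        raise LookupError("no credential registered for RP ID %r" % rp_id)
    cred["count"] += 1
    client_data = json.dumps({"type": "webauthn.get", "challenge": challenge,
                              "origin": origin}, sort_keys=True).encode()
    # authenticatorData = sha256(rpId) || flags (bit 0 = user present) || counter
    auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x01" + struct.pack(">I", cred["count"])
    return client_data, auth_data, signed_payload(cred["key"], auth_data, client_data)

def verify_assertion(client_data, auth_data, sig, expected_challenge):
    """Relying-party side: every check must pass before the login is accepted."""
    cd = json.loads(client_data)
    if cd.get("type") != "webauthn.get" or cd.get("challenge") != expected_challenge:
        return False                                   # wrong or reused challenge
    if cd.get("origin") != RP_ORIGIN:
        return False                                   # relayed from another site
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False                                   # credential for another RP
    if not auth_data[32] & 0x01:
        return False                                   # no user presence
    count = struct.unpack(">I", auth_data[33:37])[0]
    if count <= relying_party["sign_count"]:
        return False                                   # replay or cloned key
    if not hmac.compare_digest(signed_payload(relying_party["key"], auth_data, client_data), sig):
        return False
    relying_party["sign_count"] = count
    return True
```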

You can also create a powerful authentication method by combining multiple forms of MFA, such as non-reused passwords and biometrics, alongside authenticator apps and push notifications.

How to choose the right Multi-Factor Authentication method?

Choosing the proper MFA method can be simplified by considering cost, ease of use, and the sensitivity of the data you’re protecting. Authenticator apps are free and user-friendly, offering solid security for accounts like email and banking. Choose apps that use rolling codes instead of push notifications to avoid MFA fatigue.

For maximum security, security keys are the best option, though they cost $20 to $100 per key and are ideal for protecting critical accounts like banking, crypto, and government services. Despite their pros and cons, MFA is the most effective way to safeguard your identity, data, and accounts.

Need help choosing the right MFA and other cyber security measures for your business? Get in touch with us and find out more about how Kinetic IT’s PROTECT+ cyber security solution can work for you.
