Reassuring Security Through MFA

Enterprise Security Magazine | Wednesday, July 06, 2022

When implemented correctly, multi-factor authentication can make it significantly more difficult for an adversary to steal legitimate credentials to facilitate further malicious activities on a network.

FREMONT, CA: One of the most efficient security measures a company can use, to keep an adversary from obtaining access to a device or network and accessing sensitive data, is multi-factor authentication. Multi-factor authentication, when correctly implemented, can make it far more difficult for an adversary to obtain valid credentials and exploit them to support additional harmful operations on a network. Users that execute privileged functions, access sensitive or high-availability data repositories, and use remote access should all employ multi-factor authentication. As opposed to conventional single-factor authentication techniques employing passwords or passphrases, multi-factor authentication offers a secure authentication process less vulnerable to brute force assaults.

When hackers break into a network, they usually try to obtain valid user or administrative credentials. With these credentials, they can spread quickly across a network and carry out malicious operations without the need for additional exploits, lessening the chance that they will be discovered. Adversaries will also attempt to obtain login information for virtual private networks (VPNs), which can help them disguise their activity and lessen the chance of being discovered. When multi-factor authentication is used appropriately, it becomes much more difficult for an attacker to steal a complete set of credentials because the user must demonstrate that they have physical access to a second factor that they either own (such as a physical token, smartcard, or software certificate) or are otherwise authorised to use (e.g. a fingerprint or iris scan). Multi-factor authentication must be implemented adequately to minimise security flaws and prevent a false sense of security that could leave a network open to attack. An adversary could, for instance, compromise the username from a remote access device and use it to authenticate either locally to a corporate workstation or to propagate within a network after compromising an initial workstation on the network using spear-phishing techniques. This could transpire when multi-factor authentication is used for remote access solutions in an organisation but not for corporate workstations. Multi-factor authentication for remote access is extensively superior to single-factor authentication in such a situation, but it does not eliminate the necessity for adequately hardened devices to be employed as a component of an all-encompassing remote access solution.

Multi-step authentication is a popular authentication method that is frequently mistaken for multi-factor authentication. The use of multiple authentication verifiers in succession to access resources is known as multi-step authentication. Until access to the preferred resources is attained, each authentication verifier gives access to progressively more privileged portions of the system. The nature of authentication verifiers might be either single-factor or multi-factor. There is no single point in the system that uses two or more authentication factors to authenticate a single claimant to a single authentication verifier, so while multi-step authentication may significantly increase system security, it is simpler for an adversary to bypass than multi-factor authentication. As a result, a system can be compromised gradually by an adversary, giving them access to ever-greater resources without ever requiring to go around the multi-factor authentication requirement. Owing to this, multi-factor authentication cannot be substituted with multi-step authentication.

Weekly Brief