Did you just buy something online via a new e-commerce shop? Or maybe you tried an online service for photo manipulation? The explosion of services on the internet has been a game changer for over 4 billion people on Earth, and it keeps growing rapidly. But each of these services has a simple request: please sign up. Choose a login and password.

This is where our brain gets challenged. What password should I use? Shall I make a new one? Shall I re-use the one I already have in use? I think you already know which one’s more popular. Let’s have a look at some stats:

  • most of us re-use the same password over 80% of the time – the human brain isn’t made to remember dozens of different (complex) passwords
  • 47% of people re-use passwords for over 5 years; 21% even stick to the same one for over a decade
  • almost 1 in 3 (29% to be exact) share their password with others

One way to combat a fragile memory and still use strong and diverse passwords is to have your browser save them. Very convenient, until your device falls into the wrong hands after it gets hacked or stolen. What’s even worse is writing your passwords on post-its or other papers, a habit that approximately 30% of people admit to.

All of this doesn’t sound too safe. If the one password you keep on using gets hacked or stolen, then the hackers might be able to access virtually all of your online services: your social media account, your e-commerce shops, etc.

MFA to the rescue!

As a business, you should protect yourself from these risks. Having your data fall into the hands of criminals can come at a great cost. The use of ‘Multi-Factor Authentication’ (MFA) is generally accepted to be a best practice today.

Wikipedia’s definition reads: “Multi-factor authentication (MFA) is a method of confirming a user’s claimed identity in which a computer user is granted access only after successfully presenting 2 or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something the user and only the user knows), possession (something the user and only the user has), and inherence (something the user and only the user is). Two-factor authentication (also known as 2FA) is a type (subset) of multi-factor authentication. It is a method of confirming users’ claimed identities by using a combination of two different factors: 1) something they know, 2) something they have, or 3) something they are.”

In other words:

  1. Something you know: your classic password (with all its associated risks)
  2. Something you have: for example a unique 6-digit code generated on a token generator (such as a mobile app or a physical token generator). However, this could also be your fingerprint.
  3. Something you are: for example a login name or an email address

The ‘possession’ factors can be grouped into

  • disconnected tokens – have no connections to the client computer. They typically use a built-in screen to display the generated authentication data, which is manually typed in by the user. A well-known example of these is RSA SecurID hardware tokens.
  • connected tokens – devices that are physically connected to the computer to be used. Those devices transmit data automatically. Whether it be card readers, wireless tags or USB tokens, the common denominator is that they establish a connection with the device you want to log in to.
  • software tokens – (a.k.a. soft token) are a type of two-factor authentication security device that may be used to authorize the use of computer services. Software tokens are stored on a general-purpose electronic device such as a desktop computer, laptop, PDA, or mobile phone and can be duplicated (in contrast to hardware tokens, where the credentials are stored on a dedicated hardware device and therefore cannot be duplicated). Examples of this include Google Authenticator or Microsoft Authenticator.

With the rise of mobile devices such as smartphones and tablets, a new type of factor has been gaining popularity: inherent factors. These are factors associated with the user and are usually biometric methods, including fingerprint, face, voice, or iris recognition. Behavioral biometrics such as keystroke dynamics can also be used.

In other words, there are clearly a whole lot of solutions and vendors out there, which means there is little excuse for businesses not to use MFA.

Awingu offers a built-in MFA solution

Awingu is a ‘unified workspace’ solution. It enables businesses to run their company apps and files in the browser of any device. Awingu comes with a built-in MFA solution in the form of a ‘One Time Password’ (OTP) generator. It works with ‘Google Authenticator’ as a soft token. Google Authenticator is a free app and is available on all platforms.

Use Google Authenticator to generate your secure One-Time-Password

If, for whatever reason, the built-in solution doesn’t provide what you need, then Awingu has integrations with RADIUS-based providers, Duo Security (now Cisco), SMS Passcode and Azure MFA.

Overview of MFA technologies supported in Awingu (4.0 – July 2018)

The use of strong authentication can be triggered by the context of the user (“context awareness”). IT administrators can, for example, enforce the use of second-factor authentication if users are outside of their company networks (e.g. at home, at the airport) but allow login with just login/password when on the (secured) company network.
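
The context-aware rule described above, combined with a Google Authenticator-compatible one-time password check, as an added example that is not Awingu's code. The network ranges, the function names and the choice of RFC 6238 TOTP (HMAC-SHA1, 30-second step, 6 digits) are assumptions made for illustration.

```python
import base64, hashlib, hmac, ipaddress, struct

# Assumption: constructed ranges standing in for the "(secured) company network".
COMPANY_NETWORKS = [ipaddress.ip_network("10.20.0.0/16"),
                    ipaddress.ip_network("192.0.2.0/24")]
STEP = 30  # seconds per time step (RFC 6238 default)

def totp(secret_b32, unix_time, digits=6):
    """RFC 6238 TOTP over HMAC-SHA1, as used by common authenticator apps."""
    key = base64.b32decode(secret_b32.upper())
    counter = struct.pack(">Q", int(unix_time) // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify_totp(secret_b32, code, unix_time, window=1):
    """Accept the current step and +/- `window` steps to tolerate clock drift."""
    ok = False
    for drift in range(-window, window + 1):
        expected = totp(secret_b32, unix_time + drift * STEP)
        # Constant-time comparison; no early exit, so timing does not leak a match.
        ok |= hmac.compare_digest(expected.encode(), str(code).encode())
    return ok

def needs_second_factor(client_ip):
    """Context rule: only clients on the company network may skip the OTP."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return True                               # unparseable source: fail closed
    return not any(addr in net for net in COMPANY_NETWORKS)

def login_allowed(client_ip, password_ok, secret_b32, code, unix_time):
    """Password is always required; the OTP is required outside the company network."""
    if not password_ok:
        return False
    if not needs_second_factor(client_ip):
        return True
    return code is not None and verify_totp(secret_b32, code, unix_time)
```

The client address must come from the connection itself, not from a header the client can set, otherwise the network check can be bypassed.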

Find out more about Awingu’s security measures via this link, or contact us to find out more.

Sources
https://mashable.com/2017/02/28/passwords-reuse-study-keeper-security/?europe=true#8AV__gDrM8qo
https://en.wikipedia.org/wiki/Multi-factor_authentication
https://blog.dashlane.com/wp-content/uploads/2015/09/report_passwordsharing_US-1.pdf