Which Form of MFA Is the Most Secure/Convenient?
How do you protect your online accounts, data, and business operations? One of the best ways is with multi-factor authentication (MFA).
Credential theft is now at an all-time high and is responsible for more data breaches than any other type of attack.
With data and business processes now largely cloud-based, a user’s password is the quickest and easiest way for an attacker to carry out many different types of dangerous activities.
Being logged in as a user (especially if they have admin privileges) can allow a criminal to send out phishing emails from your company account to your staff and customers. The hacker can also infect your cloud data with ransomware and demand thousands of dollars to give it back.
MFA provides a significant barrier to cybercriminals even when they hold a legitimate user credential, because they most likely will not have access to the device that receives the MFA code required to complete the authentication process.
What Are the Three Main Methods of MFA?
When you implement multi-factor authentication at your business, it’s essential to compare the three main methods of MFA and not just assume all methods are the same. Key differences make some more secure than others and some more convenient.
Let’s take a look at what these three methods are:
SMS-Based
The form of MFA that people are most familiar with is SMS-based, which uses text messaging to authenticate the user.
The user will typically enter their mobile number when setting up MFA. Then, whenever they log into their account, they will receive a text message with a time-sensitive code that the user must enter.
On-Device Prompt in an App
Another type of multi-factor authentication uses a unique app to deliver the code. The user still generates the MFA code when logging in, but instead of arriving via SMS, the code is sent through the app.
Usually, this code is sent via a push notification, and in many cases this form of MFA works with either a mobile app or a desktop app.
Security Key
The third method of MFA involves using a separate security key that you can insert into a PC or mobile device to authenticate the login. The key itself is purchased when the MFA solution is set up, and it is the device that receives the authentication code and applies it automatically.
The MFA security key is typically smaller than a traditional thumb drive. It must be carried by the user to authenticate when they log into a system.
Now, let’s look at the differences between these three methods.
Most Convenient Form of MFA?
Users can often feel that MFA is slowing them down. The friction can be worse if they need to learn a new app or remember to carry a tiny security key (what if they lose that key?).
This user inconvenience can cause companies to leave their cloud accounts less protected by not using multi-factor authentication.
If you face user pushback and are looking for the most convenient form of MFA, it would be the SMS-based MFA.
Most people are already used to getting text messages on their phones. Therefore, there is no new interface to learn and no app to install.
Most Secure Form of MFA?
If your company handles sensitive data in a cloud platform, such as your online accounting solution, it may be in your best interest to go for security.
The most secure form of MFA is the security key.
The security key, being a separate device, won’t leave your accounts unprotected if a mobile phone is lost or stolen. The SMS-based and app-based versions would leave your accounts at risk in this scenario.
SMS-based MFA is the least secure because there is now malware that can clone a SIM card, allowing a hacker to receive those MFA text messages.
A Google study looked at the effectiveness of these three methods of MFA in blocking three different types of attacks. The security key was the most secure overall.
Percentage of attacks blocked:
- SMS-based: between 76% and 100%
- On-device app prompt: between 90% and 100%
- Security key: 100% for all three attack types
What’s in Between?
So, where does the app with an on-device prompt fit? Right in between the other two MFA methods.
Using an MFA application that delivers the code via push notification is more secure than SMS-based MFA. It’s also more convenient than carrying a separate security key that could easily be lost or misplaced.
Looking For Help Setting up MFA at Your Company?
Multi-factor authentication is a “must-have” solution in today’s threat climate. You can set up MFA via your MyDreamIT account.
1. Log in to your MyDreamIT account.
2. Click on your Profile on the top right-hand side.
3. Click Security Settings from the drop-down list.
4. Click on the Two-Factor Authentication tab.
5. Click the “Click here to Enable” button to set up MFA for your account.
The article is used with permission from The Technology Press.