September 2020 Security Awareness

Multi-Factor Authentication

  • Two Factor Authentication
    Two-factor authentication (also called multi-factor or two-step authentication) is an extra layer of security for your logins, designed to ensure that you are the only person who can access your account. Even if someone knows your password, they cannot log in to your account without access to your mobile device, security key or fingerprint.

    Setting up two-factor authentication is simple in most cases. Check this website to find out whether the site you log in to is supported: https://twofactorauth.org/ It also provides links to the configuration instructions for each site.

    Here are the five authentication types, ordered from least to most secure.

    1. SMS (Text based)
    After you enter your password, you are sent a text with a code that lets you sign in. 

    Pros
    Easy to set up and use.
    Can be used with a non-smart phone.

    Cons
    Text messages can be intercepted, redirected or forwarded.
    Mobile numbers can be stolen through fraudulent number-porting requests.
    Needs a mobile network to work.

    2. OTP (One Time Password)
    After you enter your password, you will need to enter a second code that is displayed in an application on your phone (such as Google Authenticator). The code on your phone refreshes every 60 seconds.

    Pros
    Easy to set up and use.
    Can be used without mobile service (works over Wi-Fi).

    Cons
    Requires a smart phone.

    3. Push Notification
    After you enter your password, a push request is sent to your phone. You are given the option to approve or deny.


    Pros
    Easy to use once set up.
    Can be used without mobile service (works over Wi-Fi).

    Cons
    Requires a smart phone.

    4. Physical Key (YubiKey)
    After you enter your password, you will need to insert a dedicated key into your USB port to continue.


    Pros
    Very secure.
    Easy to use once set up.

    Cons
    You have to buy a physical key and carry it with you.
    The device you are logging in to must have a USB port.

    5. Biometric ID (Retina or Fingerprint scan)
    After you enter your password, you will need to use a fingerprint or retina scan to verify that it is you.

    Pros
    Nothing to carry; you are the key.

    Cons
    Difficult to change if compromised.
    Requires physical equipment.